Simple Security Vulnerabilities

CVE-2022-2770

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System. Affected is an unknown function of the file /obs/book.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to launch the attack remotely. VDB-206166 is...

CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | 2022-08-11 12:15 PM

CVE-2022-2748

A vulnerability was found in SourceCodester Simple Online Book Store System. It has been classified as problematic. Affected is an unknown function of the file /admin/edit.php. The manipulation of the argument eid leads to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 6.1 | AI Score 6.1 | EPSS 0.001 | 2022-08-11 05:15 AM

CVE-2022-2746

A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin_ add.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-206014 is the identifier...

CVSS 9.8 | AI Score 9.5 | EPSS 0.002 | 2022-08-11 05:15 AM

CVE-2022-2747

A vulnerability was found in SourceCodester Simple Online Book Store and classified as critical. This issue affects some unknown processing of the file book.php. The manipulation of the argument book_isbn leads to sql injection. The attack may be initiated remotely. The associated identifier of...

CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | 2022-08-11 05:15 AM

CVE-2022-2722

A vulnerability was found in SourceCodester Simple Student Information System and classified as critical. This issue affects some unknown processing of the file manage_course.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been....

CVSS 9.8 | AI Score 9.7 | EPSS 0.005 | 2022-08-09 07:15 AM

CVE-2022-2705

A vulnerability was found in SourceCodester Simple Student Information System. It has been rated as critical. This issue affects some unknown processing of the file admin/departments/manage_department.php. The manipulation of the argument id with the input...

CVSS 9.8 | AI Score 9.6 | EPSS 0.002 | 2022-08-08 01:15 PM

CVE-2022-2697

A vulnerability was found in SourceCodester Simple E-Learning System. It has been classified as critical. Affected is an unknown function of the file comment_frame.php. The manipulation of the argument post_id leads to sql injection. It is possible to launch the attack remotely. The exploit has...

CVSS 7.5 | AI Score 7.8 | EPSS 0.001 | 2022-08-08 01:15 PM

CVE-2022-2698

A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument searchPost leads to sql injection. The attack can be launched remotely. The...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-08-08 01:15 PM

CVE-2022-2704

A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as problematic. This vulnerability affects unknown code of the file downloadFiles.php. The manipulation of the argument download leads to information disclosure. The attack can be initiated remotely. The...

CVSS 7.5 | AI Score 7.4 | EPSS 0.001 | 2022-08-08 01:15 PM

CVE-2022-2701

A vulnerability classified as problematic was found in SourceCodester Simple E-Learning System. This vulnerability affects unknown code of the file /claire_blake. The manipulation of the argument Bio leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2022-08-08 01:15 PM

CVE-2022-2699

A vulnerability was found in SourceCodester Simple E-Learning System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /claire_blake. The manipulation of the argument phoneNumber leads to sql injection. The attack may be launched remotely. The exploit....

CVSS 7.5 | AI Score 7.8 | EPSS 0.001 | 2022-08-08 01:15 PM

CVE-2022-2682

A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input '">alert(/xss/) leads to cross site scriptin...

CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | 2022-08-05 09:15 PM

CVE-2022-2683

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input ">alert(1) leads to cross site scripting. It is possible to...

CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | 2022-08-05 09:15 PM

CVE-2022-2665

A vulnerability classified as critical was found in SourceCodester Simple E-Learning System. Affected by this vulnerability is an unknown functionality of the file classroom.php. The manipulation of the argument post_id leads to sql injection. The attack can be launched remotely. The exploit has...

CVSS 8.8 | AI Score 9 | EPSS 0.001 | 2022-08-05 11:15 AM

CVE-2022-2317

The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied...

CVSS 9.8 | AI Score 9.3 | EPSS 0.003 | 2022-08-01 01:15 PM

CVE-2022-2273

The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001 | 2022-08-01 01:15 PM

CVE-2022-2341

The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite...

CVSS 4.8 | AI Score 4.7 | EPSS 0.001 | 2022-07-25 01:15 PM

CVE-2022-2489

A vulnerability was found in SourceCodester Simple E-Learning System 1.0. It has been rated as critical. This issue affects some unknown processing of the file classRoom.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x6770715a WHERE 8795=8795 AND (SELECT 8342...

CVSS 8.8 | AI Score 8.9 | EPSS 0.001 | 2022-07-20 12:15 PM

CVE-2022-2490

A vulnerability classified as critical has been found in SourceCodester Simple E-Learning System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x74666264 WHERE 5610=5610 AND (SELECT 7504 FROM(SELECT...

CVSS 8.8 | AI Score 9 | EPSS 0.001 | 2022-07-20 12:15 PM

CVE-2022-2149

The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...

CVSS 4.8 | AI Score 4.7 | EPSS 0.001 | 2022-07-17 11:15 AM

CVE-2022-31510

The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used...

CVSS 9.3 | AI Score 9.3 | EPSS 0.002 | 2022-07-11 01:15 AM

CVE-2017-20095

A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated...

CVSS 9.8 | AI Score 9.7 | EPSS 0.005 | 2022-06-24 07:15 AM

CVE-2022-32987

Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name...

CVSS 4.8 | AI Score 5.1 | EPSS 0.001 | 2022-06-23 07:15 PM

CVE-2022-1724

The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2022-06-13 01:15 PM

CVE-2022-30927

A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id"...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-06-06 11:15 PM

CVE-2022-31340

Simple Inventory System v1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-06-02 02:15 PM

CVE-2022-31339

Simple Inventory System v1.0 is vulnerable to SQL Injection via...

CVSS 7.2 | AI Score 7.3 | EPSS 0.001 | 2022-06-02 02:15 PM

CVE-2022-30817

Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-06-02 02:15 PM

CVE-2022-1646

The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is...

CVSS 4.8 | AI Score 4.7 | EPSS 0.001 | 2022-05-30 09:15 AM

CVE-2022-30460

Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save,...

CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | 2022-05-24 02:15 PM

CVE-2022-30015

In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc. This causes stored...

CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | 2022-05-23 09:16 PM

CVE-2021-42233

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may...

CVSS 5.4 | AI Score 5.1 | EPSS 0.001 | 2022-05-23 07:16 PM

CVE-2022-30014

Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater...

CVSS 8.8 | AI Score 8.8 | EPSS 0.002 | 2022-05-23 04:16 PM

CVE-2022-26633

Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via...

CVSS 9.8 | AI Score 9.7 | EPSS 0.003 | 2022-05-20 01:15 PM

CVE-2022-30376

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via...

CVSS 7.2 | AI Score 7.4 | EPSS 0.001 | 2022-05-13 02:15 PM

CVE-2022-30378

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via...

CVSS 7.2 | AI Score 7.4 | EPSS 0.001 | 2022-05-13 02:15 PM

CVE-2022-30375

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via...

CVSS 6.5 | AI Score 6.4 | EPSS 0.001 | 2022-05-13 02:15 PM

CVE-2022-30379

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via...

CVSS 7.2 | AI Score 7.4 | EPSS 0.001 | 2022-05-13 02:15 PM

CVE-2022-29980

Simple Client Management System 1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-12 03:15 PM

CVE-2022-29981

Simple Client Management System 1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-12 03:15 PM

CVE-2022-29979

Simple Client Management System 1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-12 03:15 PM

CVE-2022-29982

Simple Client Management System 1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-12 03:15 PM

CVE-2022-29984

Simple Client Management System 1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-12 03:15 PM

CVE-2022-29749

Simple Client Management System 1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-12 03:15 PM

CVE-2022-29751

Simple Client Management System 1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-12 03:15 PM

CVE-2022-29983

Simple Client Management System 1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-12 03:15 PM

CVE-2022-29750

Simple Client Management System 1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-12 03:15 PM

CVE-2022-29747

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place --->...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-12 03:15 PM

CVE-2022-29748

Simple Client Management System 1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-12 03:15 PM

CVE-2022-28568

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are...

CVSS 9.8 | AI Score 9.5 | EPSS 0.026 | 2022-05-04 03:15 PM

Total number of security vulnerabilities: 432