Threat Intelligence Database

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown function of the file /index.php of the component Student Self-Registration Endpoint. The manipulation leads to improper access controls. Remote exploitation of the attack is possible.

A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

Evoluted PHP Directory Listing Script versions up to and including 4.0.5 contain a reflected cross-site scripting (XSS) vulnerability. The vulnerability occurs in index.php where the dir parameter is reflected without proper HTML encoding in the page title and breadcrumb navigation anchor href attributes. This allows attackers to inject arbitrary JavaScript that executes in the context of a victim's browser. The CVSS 4.0 base score is 5.1, indicating a medium severity level. No official patch or remediation guidance is currently available from the vendor.

CodeAstro Student Attendance Management System version 1.0 contains a SQL injection vulnerability in an unknown function within /attendance-php/index.php. The vulnerability is triggered by manipulation of the Username argument and can be exploited remotely without authentication. The vulnerability has a CVSS 4.0 base score of 6.9, indicating medium severity. No official patch or remediation guidance is currently available from the vendor. Exploit code has been published but there are no confirmed reports of exploitation in the wild.

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization. The attack can be launched remotely. The exploit has been made public and could be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used.

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint `/index.php?route=/queries/user/`. The application reflects user-supplied input from the id parameter into the HTML response without proper sanitization or output encoding. An attacker can craft a malicious URL containing JavaScript code. When a victim visits the crafted URL, the injected script executes in the victim's browser within the context of the vulnerable application. This could allow attackers to execute arbitrary JavaScript, potentially leading to session hijacking, phishing attacks, or manipulation of page content. Version 2.2.5 fixes the issue.

SourceCodester Pizzafy Ecommerce System version 1.0 contains a file inclusion vulnerability in the /index.php file. This flaw allows remote attackers to manipulate the 'page' argument to include files. The vulnerability has a medium severity rating with a CVSS score of 5.3. No official patch or remediation guidance is currently available from the vendor. Exploit code has been published but no known exploits in the wild have been reported.

SourceCodester Pizzafy Ecommerce System version 1.0 contains a file inclusion vulnerability in the /admin/index.php file. This vulnerability arises from manipulation of the 'page' argument, allowing remote attackers to include files. The vulnerability has a medium severity with a CVSS 4.0 base score of 5.3. There is no official patch or remediation available at this time, and no known exploits are currently observed in the wild.