Latest vulnerabilities [Sunday, January 07, 2024]

Stay informed with our daily updates on the latest software vulnerabilities discovered in 2024. We provide detailed insights into each vulnerability's severity, impact, and mitigation strategies, helping you secure your systems against emerging threats.
Daily Snapshot: 2024's Latest Software Vulnerability Analysis - Your Essential Guide to Today's Cybersecurity Landscape

Last update performed on 01/07/2024 at 11:57:05 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(7) HIGH VULNERABILITIES [7.0, 8.9]

Source : us.ibm.com

Vulnerability ID : CVE-2023-47145

First published on : 07-01-2024 19:15:08
Last modified on : 07-01-2024 19:15:08

Description :
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

CVE ID : CVE-2023-47145
Source : psirt@us.ibm.com
CVSS Score : 8.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/270402 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105500 | source : psirt@us.ibm.com


Source : vuldb.com

Vulnerability ID : CVE-2023-7208

First published on : 07-01-2024 07:15:07
Last modified on : 07-01-2024 07:15:07

Description :
A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7208
Source : cna@vuldb.com
CVSS Score : 8.0

References :
https://github.com/unpWn4bL3/iot-security/blob/main/13.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249742 | source : cna@vuldb.com
https://vuldb.com/?id.249742 | source : cna@vuldb.com

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-7209

First published on : 07-01-2024 09:15:08
Last modified on : 07-01-2024 09:15:08

Description :
A vulnerability was found in Uniway Router up to 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boaform/device_reset.cgi of the component Device Reset Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249758 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7209
Source : cna@vuldb.com
CVSS Score : 7.5

References :
https://drive.google.com/file/d/1XDZA4ibiYNcxTwq60vYCr03_6M_cvJ_2/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.249758 | source : cna@vuldb.com
https://vuldb.com/?id.249758 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0264

First published on : 07-01-2024 05:15:09
Last modified on : 07-01-2024 05:15:09

Description :
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249820.

CVE ID : CVE-2024-0264
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/ | source : cna@vuldb.com
https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py | source : cna@vuldb.com
https://vuldb.com/?ctiid.249820 | source : cna@vuldb.com
https://vuldb.com/?id.249820 | source : cna@vuldb.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2024-0267

First published on : 07-01-2024 06:15:47
Last modified on : 07-01-2024 06:15:47

Description :
A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249823.

CVE ID : CVE-2024-0267
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%201.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249823 | source : cna@vuldb.com
https://vuldb.com/?id.249823 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0268

First published on : 07-01-2024 08:15:07
Last modified on : 07-01-2024 08:15:07

Description :
A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management System up to 1.0. Affected by this issue is some unknown functionality of the file registration.php. The manipulation of the argument name/email/pass/gender/age/city leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249824.

CVE ID : CVE-2024-0268
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%202.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249824 | source : cna@vuldb.com
https://vuldb.com/?id.249824 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7210

First published on : 07-01-2024 10:15:08
Last modified on : 07-01-2024 10:15:08

Description :
A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability.

CVE ID : CVE-2023-7210
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://note.zhaoj.in/share/eRbUygGMiJcp | source : cna@vuldb.com
https://vuldb.com/?ctiid.249765 | source : cna@vuldb.com
https://vuldb.com/?id.249765 | source : cna@vuldb.com

Vulnerability : CWE-287


(22) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : vuldb.com

Vulnerability ID : CVE-2024-0265

First published on : 07-01-2024 05:15:09
Last modified on : 07-01-2024 05:15:09

Description :
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability.

CVE ID : CVE-2024-0265
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE | source : cna@vuldb.com
https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py | source : cna@vuldb.com
https://vuldb.com/?ctiid.249821 | source : cna@vuldb.com
https://vuldb.com/?id.249821 | source : cna@vuldb.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2024-0270

First published on : 07-01-2024 08:15:07
Last modified on : 07-01-2024 08:15:07

Description :
A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file item_list_submit.php. The manipulation of the argument item_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249825 was assigned to this vulnerability.

CVE ID : CVE-2024-0270
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%201.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249825 | source : cna@vuldb.com
https://vuldb.com/?id.249825 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0271

First published on : 07-01-2024 09:15:09
Last modified on : 07-01-2024 09:15:09

Description :
A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file addmaterial_edit.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249826 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0271
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%206.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249826 | source : cna@vuldb.com
https://vuldb.com/?id.249826 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0272

First published on : 07-01-2024 11:15:16
Last modified on : 07-01-2024 11:15:16

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file addmaterialsubmit.php. The manipulation of the argument material_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249827.

CVE ID : CVE-2024-0272
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%208.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249827 | source : cna@vuldb.com
https://vuldb.com/?id.249827 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0273

First published on : 07-01-2024 11:15:16
Last modified on : 07-01-2024 11:15:16

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as critical. Affected is an unknown function of the file addwaste_entry.php. The manipulation of the argument item_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249828.

CVE ID : CVE-2024-0273
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%203.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249828 | source : cna@vuldb.com
https://vuldb.com/?id.249828 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0274

First published on : 07-01-2024 12:15:14
Last modified on : 07-01-2024 12:15:14

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file billAjax.php. The manipulation of the argument item_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249829 was assigned to this vulnerability.

CVE ID : CVE-2024-0274
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%202.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249829 | source : cna@vuldb.com
https://vuldb.com/?id.249829 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0275

First published on : 07-01-2024 12:15:14
Last modified on : 07-01-2024 12:15:14

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file item_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249830 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0275
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%204.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249830 | source : cna@vuldb.com
https://vuldb.com/?id.249830 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0276

First published on : 07-01-2024 13:15:08
Last modified on : 07-01-2024 13:15:08

Description :
A vulnerability classified as critical has been found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file rawstock_used_damaged_smt.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249831.

CVE ID : CVE-2024-0276
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%205.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249831 | source : cna@vuldb.com
https://vuldb.com/?id.249831 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0277

First published on : 07-01-2024 13:15:08
Last modified on : 07-01-2024 13:15:08

Description :
A vulnerability classified as critical was found in Kashipara Food Management System up to 1.0. This vulnerability affects unknown code of the file party_submit.php. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249832.

CVE ID : CVE-2024-0277
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%209.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249832 | source : cna@vuldb.com
https://vuldb.com/?id.249832 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0278

First published on : 07-01-2024 14:15:43
Last modified on : 07-01-2024 14:15:43

Description :
A vulnerability, which was classified as critical, has been found in Kashipara Food Management System up to 1.0. This issue affects some unknown processing of the file partylist_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249833 was assigned to this vulnerability.

CVE ID : CVE-2024-0278
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2010.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249833 | source : cna@vuldb.com
https://vuldb.com/?id.249833 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0279

First published on : 07-01-2024 14:15:43
Last modified on : 07-01-2024 14:15:43

Description :
A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. Affected is an unknown function of the file item_list_edit.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249834 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0279
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2011.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249834 | source : cna@vuldb.com
https://vuldb.com/?id.249834 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0280

First published on : 07-01-2024 15:15:08
Last modified on : 07-01-2024 15:15:08

Description :
A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file item_type_submit.php. The manipulation of the argument type_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249835.

CVE ID : CVE-2024-0280
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2012.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249835 | source : cna@vuldb.com
https://vuldb.com/?id.249835 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0281

First published on : 07-01-2024 15:15:09
Last modified on : 07-01-2024 15:15:09

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file loginCheck.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249836.

CVE ID : CVE-2024-0281
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2013.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249836 | source : cna@vuldb.com
https://vuldb.com/?id.249836 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7213

First published on : 07-01-2024 19:15:08
Last modified on : 07-01-2024 19:15:08

Description :
A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249769 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7213
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/2/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249769 | source : cna@vuldb.com
https://vuldb.com/?id.249769 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-7214

First published on : 07-01-2024 20:15:47
Last modified on : 07-01-2024 20:15:47

Description :
A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249770 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7214
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/3/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249770 | source : cna@vuldb.com
https://vuldb.com/?id.249770 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-7211

First published on : 07-01-2024 10:15:08
Last modified on : 07-01-2024 10:15:08

Description :
A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of the component Administrative Web Interface. The manipulation leads to reliance on ip address for authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-249766 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7211
Source : cna@vuldb.com
CVSS Score : 5.6

References :
https://drive.google.com/file/d/11thSuALGcn0C_9tbmYu8_QzTXtBnCoNS/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.249766 | source : cna@vuldb.com
https://vuldb.com/?id.249766 | source : cna@vuldb.com

Vulnerability : CWE-291


Vulnerability ID : CVE-2024-0261

First published on : 07-01-2024 02:15:44
Last modified on : 07-01-2024 02:15:44

Description :
A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability.

CVE ID : CVE-2024-0261
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.249817 | source : cna@vuldb.com
https://vuldb.com/?id.249817 | source : cna@vuldb.com
https://www.youtube.com/watch?v=q-CVJfYdd-g | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0263

First published on : 07-01-2024 04:15:08
Last modified on : 07-01-2024 04:15:08

Description :
A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249819.

CVE ID : CVE-2024-0263
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://0day.today/exploit/description/39212 | source : cna@vuldb.com
https://packetstormsecurity.com/files/176333/Ultra-Mini-HTTPd-1.21-Denial-Of-Service.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.249819 | source : cna@vuldb.com
https://vuldb.com/?id.249819 | source : cna@vuldb.com
https://www.youtube.com/watch?v=HWOGeg3e5As | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2023-7212

First published on : 07-01-2024 17:15:08
Last modified on : 07-01-2024 17:15:08

Description :
A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249768. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7212
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://hmxwjm7x03.feishu.cn/docx/FPjhdYcQvocR4gxy34Rc0pmon5e?from=from_copylink | source : cna@vuldb.com
https://vuldb.com/?ctiid.249768 | source : cna@vuldb.com
https://vuldb.com/?id.249768 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-0260

First published on : 07-01-2024 00:15:42
Last modified on : 07-01-2024 00:15:42

Description :
A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816.

CVE ID : CVE-2024-0260
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo | source : cna@vuldb.com
https://vuldb.com/?ctiid.249816 | source : cna@vuldb.com
https://vuldb.com/?id.249816 | source : cna@vuldb.com

Vulnerability : CWE-613


Vulnerability ID : CVE-2024-0266

First published on : 07-01-2024 06:15:47
Last modified on : 07-01-2024 06:15:47

Description :
A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the component User Registration. The manipulation of the argument First Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249822 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0266
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://drive.google.com/file/d/1U60z1xzBzJjalbmwBmPD5NjJ4pPaDevF/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.249822 | source : cna@vuldb.com
https://vuldb.com/?id.249822 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0286

First published on : 07-01-2024 18:15:16
Last modified on : 07-01-2024 18:15:16

Description :
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843.

CVE ID : CVE-2024-0286
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.249843 | source : cna@vuldb.com
https://vuldb.com/?id.249843 | source : cna@vuldb.com

Vulnerability : CWE-79


(4) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2024-0282

First published on : 07-01-2024 16:15:44
Last modified on : 07-01-2024 16:15:44

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability.

CVE ID : CVE-2024-0282
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2014.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249837 | source : cna@vuldb.com
https://vuldb.com/?id.249837 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0283

First published on : 07-01-2024 16:15:44
Last modified on : 07-01-2024 16:15:44

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file party_details.php. The manipulation of the argument party_name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249838 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0283
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2015.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249838 | source : cna@vuldb.com
https://vuldb.com/?id.249838 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0284

First published on : 07-01-2024 17:15:08
Last modified on : 07-01-2024 17:15:08

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as problematic. This issue affects some unknown processing of the file party_submit.php. The manipulation of the argument party_address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249839.

CVE ID : CVE-2024-0284
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2016.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249839 | source : cna@vuldb.com
https://vuldb.com/?id.249839 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0262

First published on : 07-01-2024 02:15:44
Last modified on : 07-01-2024 02:15:44

Description :
A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input </title><scRipt>alert(0x00C57D)</scRipt> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249818 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0262
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://mega.nz/file/zEsxyIYQ#re6pHT-2OGX9SNk1OpygDCQYu1RpBiOrQ_2QS6beRos | source : cna@vuldb.com
https://vuldb.com/?ctiid.249818 | source : cna@vuldb.com
https://vuldb.com/?id.249818 | source : cna@vuldb.com

Vulnerability : CWE-79


(0) NO SCORE VULNERABILITIES [0.0, 0.0]

This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks
