» 2022 » 1월

CVE-2021-41929

Posted on 2022년 1월 25일2022년 1월 25일 by admin

CVE-2021-41929

Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Management System 1.0 by oretnom23, allows attackers to execute arbitrary code via the about page.

Source: CVE-2021-41929

CVE-2021-41659

Posted on 2022년 1월 25일2022년 1월 25일 by admin

CVE-2021-41659

SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field.

Source: CVE-2021-41659

CVE-2021-41660

Posted on 2022년 1월 25일2022년 1월 25일 by admin

CVE-2021-41660

SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php.

Source: CVE-2021-41660

CVE-2021-41658

Posted on 2022년 1월 25일2022년 1월 25일 by admin

CVE-2021-41658

Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading System by oretnom23, allows attackers to execute arbitrary code via the fullname and username parameters to the users page.

Source: CVE-2021-41658

CVE-2021-41471

Posted on 2022년 1월 25일2022년 1월 25일 by admin

CVE-2021-41471

SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters.

Source: CVE-2021-41471

CVE-2021-41472

Posted on 2022년 1월 25일2022년 1월 25일 by admin

CVE-2021-41472

SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters.

Source: CVE-2021-41472

CVE-2021-4088

Posted on 2022년 1월 25일2022년 1월 25일 by admin

CVE-2021-4088

SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.

Source: CVE-2021-4088

CVE-2021-40909

Posted on 2022년 1월 25일2022년 1월 25일 by admin

CVE-2021-40909

Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud.

Source: CVE-2021-40909

CVE-2022-23437

Posted on 2022년 1월 25일2022년 1월 25일 by admin

CVE-2022-23437

There’s a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Source: CVE-2022-23437

CVE-2021-40596

Posted on 2022년 1월 25일2022년 1월 25일 by admin

CVE-2021-40596

SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter.

Source: CVE-2021-40596