CVE-2023-43739
The ‘bookisbn’ parameter of the cart.php resource does not validate the characters it receives; they are sent unfiltered to the database.
Source: CVE-2023-43739
CVE-2023-43662
ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read. This issue may lead to an arbitrary file read which is exacerbated in the windows installer which installs the ShokoServer as administrator. Any unauthenticated attacker may be able to access sensitive information and read files stored on the server. The `/api/Image/WithPath` endpoint has been removed in commit `6c57ba0f0` which will be included in subsequent releases. Users should limit access to the `/api/Image/WithPath` endpoint or manually patch their installations until a patched release is made. This issue was discovered by the GitHub Security lab and is also indexed as GHSL-2023-191.
Source: CVE-2023-43662
CVE-2023-44167
The ‘name’ parameter of the process_registration.php resource does not validate the characters it receives; they are sent unfiltered to the database.
Source: CVE-2023-44167
CVE-2023-44168
The ‘phone’ parameter of the process_registration.php resource does not validate the characters it receives; they are sent unfiltered to the database.
Source: CVE-2023-44168
CVE-2023-43014
Asset Management System v1.0 is vulnerable to an authenticated SQL injection on the ‘first_name’ and ‘last_name’ parameters of the user.php page, allowing an authenticated attacker to dump the entire contents of the database.
Source: CVE-2023-43014
CVE-2023-44174
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated stored Cross-Site Scripting vulnerability.
Source: CVE-2023-44174
CVE-2023-43740
[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]
Source: CVE-2023-43740
CVE-2023-43013
Asset Management System v1.0 is vulnerable to an unauthenticated SQL injection on the ‘email’ parameter of the index.php page, allowing an external attacker to dump the entire contents of the database and bypass the login control.
Source: CVE-2023-43013
CVE-2023-5053
Hospital management system version 378c157 allows authentication bypass. This is possible because the application is vulnerable to SQL injection (SQLi).
Source: CVE-2023-5053
CVE-2023-4316
Zod version 3.22.2 allows an attacker to cause a denial of service while it validates email addresses.
Source: CVE-2023-4316