Vulnerabilities > Online Leave Management System Project

DATE CVE VULNERABILITY TITLE RISK
2022-12-07 CVE-2022-45008 Cross-site Scripting vulnerability in Online Leave Management System Project Online Leave Management System 1.0
Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department.
4.8
2022-12-07 CVE-2022-45009 Unrestricted Upload of File with Dangerous Type vulnerability in Online Leave Management System Project Online Leave Management System 1.0
Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings.
7.2
2022-11-17 CVE-2022-43179 SQL Injection vulnerability in Online Leave Management System Project Online Leave Management System 1.0
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=.
7.2
2022-10-07 CVE-2022-41379 Unrestricted Upload of File with Dangerous Type vulnerability in Online Leave Management System Project Online Leave Management System 1.0
An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
7.2
2022-10-06 CVE-2022-41355 SQL Injection vulnerability in Online Leave Management System Project Online Leave Management System 1.0
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department.
7.2
2022-01-21 CVE-2021-40595 SQL Injection vulnerability in Online Leave Management System Project Online Leave Management System 1.0
SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php.
7.5