Vulnerabilities > Oretnom23

DATE CVE VULNERABILITY TITLE RISK
2022-09-28 CVE-2021-41434 Cross-site Scripting vulnerability in Oretnom23 Expense Management System 1.0
A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php.
network
low complexity
oretnom23 CWE-79
5.4
2022-09-12 CVE-2022-37796 Cross-site Scripting vulnerability in Oretnom23 Simple Online Book Store System 1.0
In Simple Online Book Store System 1.0, the Title, Author, and Description parameters in /admin_book.php are vulnerable to Cross-Site Scripting (XSS).
network
low complexity
oretnom23 CWE-79
5.4
2022-09-02 CVE-2022-36754 SQL Injection vulnerability in Oretnom23 Expense Management System 1.0
Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p.
network
low complexity
oretnom23 CWE-89
7.2
2022-01-28 CVE-2021-45435 SQL Injection vulnerability in Oretnom23 Simple Cold Storage Management System 1.0
An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php.
network
low complexity
oretnom23 CWE-89
critical
9.8
2022-01-21 CVE-2021-40247 SQL Injection vulnerability in Oretnom23 Budget and Expense Tracker System 1.0
A SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username field.
network
low complexity
oretnom23 CWE-89
critical
9.8
2021-12-21 CVE-2021-45252 SQL Injection vulnerability in Oretnom23 Simple Forum/Discussion System 1.0
Multiple SQL injection vulnerabilities are found in Simple Forum-Discussion System 1.0, for example in three applications: manage_topic.php, manage_user.php, and ajax.php.
network
low complexity
oretnom23 CWE-89
critical
9.8
2021-12-15 CVE-2021-44653 SQL Injection vulnerability in Oretnom23 Online Magazine Management System 1.0
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability.
network
low complexity
oretnom23 CWE-89
critical
9.8
2021-10-29 CVE-2021-41645 Unrestricted Upload of File with Dangerous Type vulnerability in Oretnom23 Budget and Expense Tracker System 1.0
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field.
network
low complexity
oretnom23 CWE-434
8.8