Vulnerabilities > Oretnom23

DATE CVE VULNERABILITY TITLE RISK
2021-12-23 CVE-2021-44600 SQL Injection vulnerability in Oretnom23 Simple Online Men's Salon Management System 1.0
The password parameter of Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks.
network
low complexity
oretnom23 CWE-89
7.5
2021-12-21 CVE-2021-45252 SQL Injection vulnerability in Oretnom23 Simple Forum/Discussion System 1.0
Multiple SQL injection vulnerabilities are found in Simple Forum-Discussion System 1.0, for example in three application files: manage_topic.php, manage_user.php, and ajax.php.
network
low complexity
oretnom23 CWE-89
critical
9.8
2021-12-15 CVE-2021-44653 SQL Injection vulnerability in Oretnom23 Online Magazine Management System 1.0
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability.
network
low complexity
oretnom23 CWE-89
critical
9.8
2021-11-15 CVE-2021-42580 SQL Injection vulnerability in Oretnom23 Online Learning System 2.0
Sourcecodester Online Learning System 2.0 is vulnerable to SQL injection authentication bypass in the admin login file (/admin/login.php) and to authenticated file upload in the Master.php file; the two vulnerabilities can be chained to achieve unauthenticated remote command execution.
network
low complexity
oretnom23 CWE-89
critical
9.8
2021-11-03 CVE-2021-43140 SQL Injection vulnerability in Oretnom23 Simple Subscription Website 1.0
SQL Injection vulnerability exists in Sourcecodester.
network
low complexity
oretnom23 CWE-89
critical
9.8
2021-11-03 CVE-2021-43141 Cross-site Scripting vulnerability in Oretnom23 Simple Subscription Website 1.0
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application.
network
low complexity
oretnom23 CWE-79
6.1
2021-10-29 CVE-2021-41645 Unrestricted Upload of File with Dangerous Type vulnerability in Oretnom23 Budget and Expense Tracker System 1.0
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field.
network
low complexity
oretnom23 CWE-434
8.8