CVE-2024-6417 : SOURCECODESTER SIMPLE ONLINE BIDDING SYSTEM 1.0 AJAX.PHP ID SQL INJECTION

Description

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. The issue affects some unknown functionality of the file /admin/ajax.php?action=delete_user. Manipulating the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270008.

References

https://github.com/xyj123a/cve/blob/main/sql.md

https://vuldb.com/?ctiid.270008

https://vuldb.com/?id.270008

https://vuldb.com/?submit.365234

For More Information

National Vulnerability Database

Common Vulnerabilities and Exposures


CVE-2024-5711 : STITIONAI DEVIKA CROSS SITE SCRIPTING

Description

Cross-site Scripting (XSS) – Stored in GitHub repository stitionai/devika prior to -.

References

https://huntr.com/bounties/6c00ff84-574b-4b4f-bd58-aa7ec1809662

https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2

For More Information

CVERecord

CVE-2024-38330 : IBM I 7.2/7.3/7.4 UNCONTROLLED SEARCH PATH

Description

IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due

CVE-2024-6539 : HEYEWEI SPRINGBOOTCMS UP TO 2024-05-28 GUESTBOOK /GUESTBOOK CONTENT CROSS SITE SCRIPTING

Description

A vulnerability classified as problematic has been found in heyewei SpringBootCMS up to 2024-05-28. Affected is an unknown function