cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0351,https://securityvulnerability.io/vulnerability/CVE-2024-0351,SourceCodester Engineers Online Portal session fixation,A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250119.,SourceCodester,Engineers Online Portal,3.5,LOW,0.000590000010561198,false,false,false,true,true,false,false,2024-01-09T23:00:05.670Z,0
CVE-2024-0350,https://securityvulnerability.io/vulnerability/CVE-2024-0350,SourceCodester Engineers Online Portal session expiration,A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-250118 is the identifier assigned to this vulnerability.,SourceCodester,Engineers Online Portal,6.5,MEDIUM,0.0006099999882280827,false,false,false,true,true,false,false,2024-01-09T22:31:04.857Z,0
CVE-2024-0349,https://securityvulnerability.io/vulnerability/CVE-2024-0349,SourceCodester Engineers Online Portal missing secure attribute,A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability.,SourceCodester,Engineers Online Portal,5.3,MEDIUM,0.0005600000149570405,false,false,false,true,true,false,false,2024-01-09T22:31:03.824Z,0
CVE-2024-0348,https://securityvulnerability.io/vulnerability/CVE-2024-0348,SourceCodester Engineers Online Portal File Upload resource consumption,A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250116.,SourceCodester,Engineers Online Portal,6.5,MEDIUM,0.0006799999973736703,false,false,false,true,true,false,false,2024-01-09T22:00:04.969Z,0
CVE-2024-0347,https://securityvulnerability.io/vulnerability/CVE-2024-0347,SourceCodester Engineers Online Portal signup_teacher.php weak password,A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250115.,SourceCodester,Engineers Online Portal,3.7,LOW,0.0012400000123307109,false,false,false,true,true,false,false,2024-01-09T21:31:04.011Z,0
CVE-2024-0260,https://securityvulnerability.io/vulnerability/CVE-2024-0260,SourceCodester Engineers Online Portal Password Change change_password_teacher.php session expiration,"A vulnerability exists in the SourceCodester Engineers Online Portal, specifically within the Password Change component, located in the file change_password_teacher.php. This issue can lead to session expiration, which potentially affects users accessing their accounts. The flaw enables remote exploitation, making it crucial for users to remain vigilant. The public disclosure of the exploit illustrates the importance of immediate security measures to prevent unauthorized access and session hijacking.",SourceCodester,Engineers Online Portal,7.5,HIGH,0.0006099999882280827,false,false,false,true,true,false,false,2024-01-07T00:15:00.000Z,0
CVE-2024-0182,https://securityvulnerability.io/vulnerability/CVE-2024-0182,SourceCodester Engineers Online Portal Admin Login sql injection,"A SQL injection vulnerability has been identified in the SourceCodester Engineers Online Portal, specifically within the admin login functionality. This security flaw allows an attacker to manipulate input parameters—specifically the username and password fields—thereby executing arbitrary SQL queries. The vulnerability can be exploited remotely, enabling unauthorized users to gain access to sensitive information or perform actions without proper authorization. This issue highlights the importance of secure input validation and the potential risks associated with inadequate protections in web application development.",Sourcecodester,Engineers Online Portal,7.3,HIGH,0.0013800000306218863,false,true,false,false,,false,false,2024-01-01T21:15:00.000Z,0
CVE-2023-7160,https://securityvulnerability.io/vulnerability/CVE-2023-7160,SourceCodester Engineers Online Portal Add Engineer cross site scripting,A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249182 is the identifier assigned to this vulnerability.,SourceCodester,Engineers Online Portal,6.1,MEDIUM,0.0005099999834783375,false,false,false,false,,false,false,2023-12-29T08:15:00.000Z,0
CVE-2023-5283,https://securityvulnerability.io/vulnerability/CVE-2023-5283,SourceCodester Engineers Online Portal teacher_signup.php sql injection,A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teacher_signup.php. The manipulation of the argument firstname/lastname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240911.,Sourcecodester,Engineers Online Portal,6.3,MEDIUM,0.0032099999953061342,false,false,false,false,,false,false,2023-09-29T20:15:00.000Z,0
CVE-2023-5284,https://securityvulnerability.io/vulnerability/CVE-2023-5284,SourceCodester Engineers Online Portal upload_save_student.php unrestricted upload,"A vulnerability has been identified in the Engineers Online Portal, specifically affecting the file upload_save_student.php functionality. This vulnerability allows attackers to upload files without proper restrictions, enabling the potential for malicious file execution. The flaw can be exploited remotely, posing significant risks to the integrity of the application and its data. The details of the exploit have been made public, increasing the urgency for mitigation and protection against such unauthorized actions.",SourceCodester,Engineers Online Portal,8.8,HIGH,0.0036800000816583633,false,false,false,false,,false,false,2023-09-29T20:15:00.000Z,0
CVE-2023-5281,https://securityvulnerability.io/vulnerability/CVE-2023-5281,SourceCodester Engineers Online Portal remove_inbox_message.php sql injection,A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file remove_inbox_message.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240909 was assigned to this vulnerability.,Sourcecodester,Engineers Online Portal,6.3,MEDIUM,0.008709999732673168,false,false,false,false,,false,false,2023-09-29T19:15:00.000Z,0
CVE-2023-5282,https://securityvulnerability.io/vulnerability/CVE-2023-5282,SourceCodester Engineers Online Portal seed_message_student.php sql injection,"A vulnerability has been identified in the Engineers Online Portal which allows for SQL injection through unvalidated inputs in the seed_message_student.php file. Specifically, misuse of the teacher_id parameter can enable an attacker to execute arbitrary SQL statements, potentially compromising the database. This vulnerability can be exploited remotely, making it essential for users and administrators to apply immediate remediation measures to safeguard their systems from potential data breaches and unauthorized access.",SourceCodester,Engineers Online Portal,9.8,CRITICAL,0.006039999891072512,false,false,false,false,,false,false,2023-09-29T19:15:00.000Z,0
CVE-2023-5280,https://securityvulnerability.io/vulnerability/CVE-2023-5280,SourceCodester Engineers Online Portal my_students.php sql injection,"A vulnerability in the SourceCodester Engineers Online Portal 1.0 has been identified that allows for SQL injection through improper handling of the 'id' parameter within the my_students.php file. This weakness enables an attacker to manipulate SQL queries executed by the application, potentially leading to unauthorized access to sensitive data. As the exploit is publicly disclosed, it poses a significant risk, particularly as it can be executed remotely. It is crucial for users of the affected product to apply security patches and implement protective measures.",SourceCodester,Engineers Online Portal,9.8,CRITICAL,0.008709999732673168,false,false,false,false,,false,false,2023-09-29T18:15:00.000Z,0
CVE-2023-5277,https://securityvulnerability.io/vulnerability/CVE-2023-5277,SourceCodester Engineers Online Portal student_avatar.php unrestricted upload,"A security issue has been identified in the SourceCodester Engineers Online Portal 1.0, specifically within the processing of the student_avatar.php file. This vulnerability allows attackers to manipulate the 'change' argument, resulting in unrestricted file uploads. Such an exploit can be executed remotely, potentially allowing for unauthorized file access or execution, which could compromise the integrity and confidentiality of the system. The vulnerability has been publicly disclosed and poses a significant risk to users relying on this platform.",SourceCodester,Engineers Online Portal,9.8,CRITICAL,0.01561999972909689,false,false,false,false,,false,false,2023-09-29T18:15:00.000Z,0
CVE-2023-5279,https://securityvulnerability.io/vulnerability/CVE-2023-5279,SourceCodester Engineers Online Portal my_classmates.php sql injection,A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file my_classmates.php. The manipulation of the argument teacher_class_student_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240907.,Sourcecodester,Engineers Online Portal,6.3,MEDIUM,0.008709999732673168,false,false,false,false,,false,false,2023-09-29T18:15:00.000Z,0
CVE-2023-5278,https://securityvulnerability.io/vulnerability/CVE-2023-5278,SourceCodester Engineers Online Portal login.php sql injection,"A vulnerability, which was classified as critical, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240906 is the identifier assigned to this vulnerability.",Sourcecodester,Engineers Online Portal,6.3,MEDIUM,0.006039999891072512,false,false,false,false,,false,false,2023-09-29T18:15:00.000Z,0
CVE-2023-5276,https://securityvulnerability.io/vulnerability/CVE-2023-5276,SourceCodester Engineers Online Portal downloadable_student.php sql injection,A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. This vulnerability affects unknown code of the file downloadable_student.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-240904.,Sourcecodester,Engineers Online Portal,6.3,MEDIUM,0.006039999891072512,false,false,false,false,,false,false,2023-09-29T18:15:00.000Z,0