cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7661,https://securityvulnerability.io/vulnerability/CVE-2024-7661,Car Driving School Management System Vulnerable to Cross-Site Request Forgery,"A significant vulnerability exists in the SourceCodester Car Driving School Management System 1.0, specifically in the 'save_users' function of the admin/user/index.php file. This flaw allows attackers to perform cross-site request forgery (CSRF), potentially enabling them to initiate unauthorized actions on behalf of an authenticated user without their consent. Given that the attack can be executed remotely, it poses a serious risk to the security and integrity of the application, especially in environments where sensitive user interactions occur. The exploit has been made public, increasing the urgency for users to address this security issue.",Sourcecodester,Car Driving School Management System,8.8,HIGH,0.0017099999822676182,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7662,https://securityvulnerability.io/vulnerability/CVE-2024-7662,Car Driving School Management System Vulnerable to Cross-Site Request Forgery,"A cross-site request forgery vulnerability exists within the SourceCodester Car Driving School Management System 1.0, specifically affecting the save_package function found in the admin/packages/manag_package.php file. This vulnerability enables attackers to perform unauthorized actions on behalf of authenticated users without their consent. Attackers can exploit this vulnerability remotely, leading to potential data manipulation and unauthorized access to sensitive information. The exploit has been publicly disclosed, increasing the risk of attacks against systems utilizing this software.",Sourcecodester,Car Driving School Management System,6.5,MEDIUM,0.0008399999933317304,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7663,https://securityvulnerability.io/vulnerability/CVE-2024-7663,SQL Injection in SourceCodester Car Driving School Management System,"A serious SQL Injection vulnerability has been identified in Version 1.0 of the SourceCodester Car Driving School Management System. This vulnerability arises from improper handling of the 'id' parameter in the manage_user.php file, allowing unauthorized users to manipulate SQL queries. Exploiting this flaw enables attackers to execute malicious SQL statements remotely, potentially compromising database integrity and confidentiality. Given the public disclosure of the exploit, immediate action is imperative for users of the affected system to mitigate any risks associated with this vulnerability.",Sourcecodester,Car Driving School Management System,5.3,MEDIUM,0.002730000065639615,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7664,https://securityvulnerability.io/vulnerability/CVE-2024-7664,SQL Injection Vulnerability in SourceCodester Car Driving School Management System,"A critical SQL injection vulnerability has been identified in the SourceCodester Car Driving School Management System version 1.0, specifically within the 'view_details.php' file. This flaw occurs due to improper validation of the 'id' parameter, allowing attackers to manipulate SQL queries. The exploitation can be performed remotely, posing significant risks to user data integrity and system confidentiality. Organizations utilizing this product should take immediate action to assess their systems and implement necessary security measures to mitigate potential attacks. Public knowledge of this exploit increases the urgency for patching and system hardening to avert possible breaches.",Sourcecodester,Car Driving School Management System,4.3,MEDIUM,0.0016700000269338489,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7665,https://securityvulnerability.io/vulnerability/CVE-2024-7665,SQL Injection Vulnerability in SourceCodester Car Driving School Management System,"A serious SQL injection vulnerability has been identified in the SourceCodester Car Driving School Management System version 1.0, specifically within the manage_package.php file. This vulnerability arises from improper handling of input parameters, particularly the 'id' argument, which can be exploited by remote attackers to manipulate database queries. Such attacks could lead to unauthorized access to the database, data leakage, or even complete system compromise. The exploit for this vulnerability has been publicly disclosed, highlighting the urgent need for users to assess their security measures and apply necessary updates or patches to protect their systems.",Sourcecodester,Car Driving School Management System,4.3,MEDIUM,0.0016700000269338489,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7666,https://securityvulnerability.io/vulnerability/CVE-2024-7666,SQL Injection Vulnerability in SourceCodester Car Driving School Management System,"A serious SQL injection vulnerability has been discovered in the SourceCodester Car Driving School Management System version 1.0. This vulnerability is located in the 'view_package.php' file and can be exploited remotely. It arises from improper handling of the 'id' parameter, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to sensitive data. As the exploit has been published, immediate action is advised to secure affected systems and mitigate the risks associated with unauthorized data manipulation.",Sourcecodester,Car Driving School Management System,5.3,MEDIUM,0.002730000065639615,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7667,https://securityvulnerability.io/vulnerability/CVE-2024-7667,SQL Injection Vulnerability in SourceCodester Car Driving School Management System,"A significant SQL injection vulnerability exists within the SourceCodester Car Driving School Management System version 1.0. The vulnerability arises from improper handling of user input in the 'delete_users' function located in the User.php file. An attacker with remote access can exploit this flaw by manipulating the 'id' parameter, potentially leading to unauthorized access, data manipulation, and significant data breaches. The exploit details are publicly available, increasing the urgency for users of this system to apply necessary security measures.",Sourcecodester,Car Driving School Management System,5.3,MEDIUM,0.002730000065639615,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7668,https://securityvulnerability.io/vulnerability/CVE-2024-7668,SQL Injection Vulnerability in SourceCodester Car Driving School Management System,"A security vulnerability has been identified in the SourceCodester Car Driving School Management System version 1.0, specifically within the delete_package function located in the Master.php file. This vulnerability arises from insufficient input validation of the 'id' argument, making it susceptible to SQL injection attacks. By exploiting this flaw, an attacker can remotely manipulate database queries, leading to unauthorized access to sensitive data, data modification, or even total system compromise. This vulnerability has been made public and poses a significant risk, necessitating immediate attention from users and administrators to mitigate potential exploit scenarios.",Sourcecodester,Car Driving School Management System,5.3,MEDIUM,0.002730000065639615,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7669,https://securityvulnerability.io/vulnerability/CVE-2024-7669,SQL Injection Vulnerability in SourceCodester Car Driving School Management System,"A critical SQL injection vulnerability has been identified in the SourceCodester Car Driving School Management System version 1.0, specifically in the delete_enrollment function found in the Master.php file. This vulnerability allows attackers to manipulate the 'id' argument, leading to unauthorized database queries and potential exposure of sensitive information. The exploit can be executed remotely, making it a significant risk for users of this application. It is crucial for organizations utilizing this management system to implement security patches and adopt best practices to mitigate the risk of exploitation.",Sourcecodester,Car Driving School Management System,5.3,MEDIUM,0.002730000065639615,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7676,https://securityvulnerability.io/vulnerability/CVE-2024-7676,SQL Injection Vulnerability in Sourcecodester Car Driving School Management System,"A critical SQL injection vulnerability has been identified in the Sourcecodester Car Driving School Management System version 1.0. This vulnerability is located in the 'save_package' function of the '/classes/Master.php?f=save_package' file. By manipulating the 'id' argument, attackers can execute arbitrary SQL queries against the database, potentially leading to unauthorized data access, data manipulation, or even database management system takeover. This flaw allows for remote exploitation, raising significant security concerns for users of the affected system. Given that the exploit has been disclosed publicly, it is imperative for affected organizations to apply available patches and implement best practices to safeguard against potential attacks.",Sourcecodester,Car Driving School Management System,5.3,MEDIUM,0.002730000065639615,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7677,https://securityvulnerability.io/vulnerability/CVE-2024-7677,Car Driving School Management System vulnerable to Cross-Site Scripting Attacks,"A vulnerability exists in the SourceCodester Car Driving School Management System 1.0, specifically within the update_settings_info function located at /classes/SystemSettings.php?f=update_settings. This flaw enables attackers to exploit the contact/address argument, resulting in a cross site scripting (XSS) attack. The vulnerability allows for the execution of malicious scripts in the context of a user's browser, which may lead to the theft of session cookies, redirection to malicious sites, or other harmful actions. The potential for remote exploitation increases the urgency for users of the affected system to assess their risk and implement security measures.",Sourcecodester,Car Driving School Management System,6.1,MEDIUM,0.001180000021122396,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7678,https://securityvulnerability.io/vulnerability/CVE-2024-7678,Car Driving School Management System vulnerable to Cross Site Scripting Attacks,"A significant vulnerability exists in the SourceCodester Car Driving School Management System's file Master.php, where an attacker may exploit insufficient input validation in the 'save_package' function. By manipulating parameters such as 'name', 'description', and 'training_duration', an attacker can execute cross-site scripting (XSS) attacks remotely. This allows the injection of malicious scripts into web pages viewed by other users, potentially leading to data theft, session hijacking, or further attacks against the application. The public disclosure of this exploit heightens the urgency for users to take appropriate security measures.",Sourcecodester,Car Driving School Management System,6.1,MEDIUM,0.001180000021122396,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0