cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8348,https://securityvulnerability.io/vulnerability/CVE-2024-8348,SQL Injection Vulnerability in SourceCodester Computer Laboratory Management System,"A serious SQL injection vulnerability has been identified in the SourceCodester Computer Laboratory Management System (version 1.0). This flaw resides in the delete_category function of the Master.php file, which mishandles the input parameters. An attacker can manipulate the 'id' argument, leading to unauthorized access and manipulation of the underlying database. Since the exploit can be executed remotely, it poses a significant risk to users of this system. The vulnerability has been publicly disclosed, making it crucial for users to apply patches or implement mitigation strategies promptly.",Sourcecodester,Computer Laboratory Management System,9.8,CRITICAL,0.0010900000343099236,false,,false,false,true,2024-08-30T21:15:00.000Z,true,false,false,,2024-08-30T22:15:00.000Z,0
CVE-2024-8347,https://securityvulnerability.io/vulnerability/CVE-2024-8347,SQL Injection Vulnerability in SourceCodester Computer Laboratory Management System,"A significant SQL injection vulnerability has been identified in SourceCodester's Computer Laboratory Management System version 1.0. This flaw resides in the delete_record function of the Master.php file. An attacker can manipulate the 'id' argument, leading to unauthorized access to the database, which can result in the execution of malicious SQL statements. This vulnerability can be exploited remotely, allowing attackers to compromise system integrity and gain sensitive information. The issue has been publicly disclosed, underlining the urgency for affected users to apply necessary patches and implement security best practices to mitigate potential risks.",Sourcecodester,Computer Laboratory Management System,9.8,CRITICAL,0.0010900000343099236,false,,false,false,true,2024-08-30T21:15:00.000Z,true,false,false,,2024-08-30T22:15:00.000Z,0
CVE-2024-8346,https://securityvulnerability.io/vulnerability/CVE-2024-8346,SQL Injection Vulnerability in SourceCodester Computer Laboratory Management System,"A critical SQL injection vulnerability has been identified in the SourceCodester Computer Laboratory Management System version 1.0. The flaw lies within the function 'update_settings_info' located in the '/classes/SystemSettings.php' file, where the manipulation of the 'name' argument allows attackers to execute malicious SQL queries. This vulnerability can be exploited remotely, resulting in unauthorized access to sensitive data. Given the public disclosure of this exploit, it is crucial for users of the affected system to implement immediate security measures to mitigate potential risks.",SourceCodester,Computer Laboratory Management System,9.8,CRITICAL,0.0010900000343099236,false,,false,false,false,,,false,false,,2024-08-30T21:15:00.000Z,0
CVE-2024-6802,https://securityvulnerability.io/vulnerability/CVE-2024-6802,SQL Injection Vulnerability in SourceCodester Computer Laboratory Management System,"A significant SQL injection vulnerability exists in the SourceCodester Computer Laboratory Management System version 1.0, particularly affecting the function at /lms/classes/Master.php?f=save_record. The vulnerability allows attackers to manipulate the 'id' argument to execute unauthorized SQL queries. This security flaw can be exploited remotely, allowing attackers to gain access to sensitive data or even manipulate the underlying database. Publicly disclosed information regarding this vulnerability raises concerns about its potential misuse, emphasizing the critical need for immediate patching and remediation for affected users.",Sourcecodester,Computer Laboratory Management System,9.8,CRITICAL,0.011800000444054604,false,,false,false,true,2024-07-17T01:00:05.000Z,true,false,false,,2024-07-17T02:00:05.235Z,0
CVE-2024-3695,https://securityvulnerability.io/vulnerability/CVE-2024-3695,Cross Site Scripting Vulnerability in SourceCodester Computer Laboratory Management System 1.0,A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260482 is the identifier assigned to this vulnerability.,Sourcecodester,Computer Laboratory Management System,5.4,MEDIUM,0.000699999975040555,false,,false,false,true,2024-04-12T14:31:06.000Z,true,false,false,,2024-04-12T15:31:06.218Z,0
CVE-2024-3377,https://securityvulnerability.io/vulnerability/CVE-2024-3377,Cross Site Scripting (XSS) Vulnerability in SystemSettings.php,"A vulnerability exists in the SourceCodester Computer Laboratory Management System that enables remote attackers to inject malicious scripts via the 'name' argument during the update settings process. This cross-site scripting issue allows attackers to execute arbitrary JavaScript in the context of the user’s session, potentially compromising sensitive information and enabling unauthorized actions. The affected script is located at /classes/SystemSettings.php?f=update_settings, and the exploit has been publicly disclosed, highlighting the importance of immediate remediation to protect user data from potential threats.",Sourcecodester,Computer Laboratory Management System,6.1,MEDIUM,0.0005200000014156103,false,,false,false,true,2024-04-06T11:00:06.000Z,true,false,false,,2024-04-06T12:00:06.066Z,0
CVE-2024-3376,https://securityvulnerability.io/vulnerability/CVE-2024-3376,Execution After Redirect Vulnerability in SourceCodester Computer Laboratory Management System,"A significant security vulnerability has been identified in the SourceCodester Computer Laboratory Management System version 1.0, specifically within the config.php file. This issue arises from improper validation of the 'url' argument, which can be manipulated to execute arbitrary code after a redirect. Due to its nature, this vulnerability allows attackers to exploit the system remotely, posing a severe threat to the integrity and security of databases and user data. The vulnerability has been publicly disclosed, making it essential for organizations using this software to assess their exposure and implement the necessary security measures promptly. As of now, identifiers such as VDB-259497 and other technical advisories have noted the exploitation vectors and potential indicators of compromise.",Sourcecodester,Computer Laboratory Management System,9.8,CRITICAL,0.0006900000153109431,false,,false,false,true,2024-04-06T10:31:05.000Z,true,false,false,,2024-04-06T11:31:05.337Z,0
CVE-2024-3316,https://securityvulnerability.io/vulnerability/CVE-2024-3316,SQL Injection Vulnerability in SourceCodester Computer Laboratory Management System,"A serious SQL injection vulnerability has been identified in SourceCodester's Computer Laboratory Management System version 1.0, specifically within the file /admin/category/view_category.php. This vulnerability allows attackers to manipulate the 'id' parameter, enabling remote exploitation and unauthorized access to the system's database. If successfully exploited, the attacker could execute arbitrary SQL commands, potentially leading to data breaches and further system compromises. It's crucial for users and administrators of the affected system to apply patches or mitigation measures immediately to safeguard against this vulnerability.",SourceCodester Computer Laboratory Management System,Computer Laboratory Management System,8.8,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2024-04-04T22:15:00.000Z,0
CVE-2024-3315,https://securityvulnerability.io/vulnerability/CVE-2024-3315,SQL Injection Vulnerability in SourceCodester Computer Laboratory Management System,"A critical SQL injection vulnerability exists within the SourceCodester Computer Laboratory Management System 1.0, specifically within an unspecified function in the file classes/user.php. This flaw allows an attacker to craft malicious input, manipulating the 'id' argument to execute arbitrary SQL queries against the database. As a result, remote attackers may gain unauthorized access to sensitive data and potentially compromise the integrity and confidentiality of the database. This vulnerability has been publicly disclosed, making it imperative for users of the affected systems to take immediate action to mitigate the risks associated with this exploit.",SourceCodester Computer Laboratory Management System,Computer Laboratory Management System,9.8,CRITICAL,0.0006900000153109431,false,,false,false,false,,,false,false,,2024-04-04T21:15:00.000Z,0
CVE-2024-3314,https://securityvulnerability.io/vulnerability/CVE-2024-3314,SQL Injection Vulnerability in SourceCodester Computer Laboratory Management System,"A significant SQL Injection vulnerability exists in SourceCodester's Computer Laboratory Management System version 1.0, specifically related to improper processing within the /classes/Users.php file. This vulnerability allows remote attackers to execute unauthorized SQL commands, potentially gaining access to sensitive data and compromising the integrity of the database. Attackers can exploit this weakness by manipulating input parameters, which may result in data loss, theft, or further system exploitation. It is crucial for users of the affected software to apply security patches or consider alternative solutions to safeguard against potential attacks.",Sourcecodester,Computer Laboratory Management System,9.8,CRITICAL,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-04-04T21:15:00.000Z,0
CVE-2024-3251,https://securityvulnerability.io/vulnerability/CVE-2024-3251,SQL Injection Vulnerability in SourceCodester Computer Laboratory Management System,"A severe security vulnerability has been identified in SourceCodester's Computer Laboratory Management System version 1.0. This vulnerability arises from improper input validation in the administrative functionality, specifically under the file '/admin/?page=borrow/view_borrow', allowing an attacker to manipulate the 'id' parameter. By crafting specific input strings, a remote attacker could execute unauthorized SQL commands on the underlying database. This exploit leads to potential data leakage, unauthorized data manipulation, or even full system compromise, posing significant risks to organizations relying on this system for lab management. The vulnerability has become public knowledge, making it imperative for users to assess and remediate their systems to protect against potential exploitation.",SourceCodester Computer Laboratory Management System,Computer Laboratory Management System,8.8,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-04-03T10:15:00.000Z,0
CVE-2024-3140,https://securityvulnerability.io/vulnerability/CVE-2024-3140,Cross Site Scripting Vulnerability in SourceCodester Computer Laboratory Management System 1.0,"A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258915.",Sourcecodester,Computer Laboratory Management System,5.4,MEDIUM,0.000699999975040555,false,,false,false,true,2024-04-01T22:15:00.000Z,true,false,false,,2024-04-01T23:15:00.000Z,0
CVE-2024-3139,https://securityvulnerability.io/vulnerability/CVE-2024-3139,Improper Authorization in SourceCodester Computer Laboratory Management System,"A critical vulnerability has been identified in the SourceCodester Computer Laboratory Management System version 1.0. This security flaw arises from improper authorization in the 'save_users' function of the '/classes/Users.php?f=save' file. The vulnerability is due to the manipulation of the 'id' argument, which could allow an unauthorized user to perform operations they should not have access to. The issue can be exploited remotely, making it a significant concern for any systems utilizing this management software. Since the exploit has been publicized, organizations using this application are strongly urged to assess their security posture and apply necessary patches to mitigate potential attacks.",SourceCodester Computer Laboratory Management System,Computer Laboratory Management System,5.4,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-04-01T23:15:00.000Z,0