cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8380,https://securityvulnerability.io/vulnerability/CVE-2024-8380,SQL Injection Vulnerability in SourceCodester Contact Manager,"A critical SQL injection vulnerability exists in the Delete Contact Handler of SourceCodester's Contact Manager with Export to VCF version 1.0. This flaw is located in the file '/endpoint/delete-account.php', where improper handling of user inputs allows for unauthorized SQL commands to be executed. As a result, attackers can potentially manipulate the 'contact' argument, leading to unauthorized access to the database. The vulnerability can be exploited remotely, thereby posing a significant risk to users. Quick remediation is advised as the exploit has been publicly disclosed and may be weaponized by malicious actors.",Sourcecodester,Contact Manager With Export To Vcf,9.8,CRITICAL,0.0010900000343099236,false,false,false,true,true,false,false,2024-09-03T01:15:00.000Z,0
CVE-2024-8337,https://securityvulnerability.io/vulnerability/CVE-2024-8337,Remote Cross-Site Scripting Vulnerability in Contact Manager with Export to VCF,"A vulnerability, which was classified as problematic, has been found in SourceCodester Contact Manager with Export to VCF 1.0. Affected by this issue is some unknown functionality of the file index.html. The manipulation of the argument contact_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",Sourcecodester,Contact Manager With Export To Vcf,5.4,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2024-08-30T13:31:06.423Z,0