cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-33677,https://securityvulnerability.io/vulnerability/CVE-2023-33677,Unauthenticated SQL Injection Vulnerability in Information System's Version 1.0,"The Sourcecodester Lost and Found Information System, specifically in Version 1.0, has a security flaw that allows unauthenticated users to exploit SQL Injection vulnerabilities. This occurs when users manipulate the application's URL parameter ""?page=items/view&id=*"", enabling potential attackers to execute arbitrary SQL commands. Such exploitation could lead to unauthorized access to sensitive data or complete database compromise, highlighting the need for immediate remedial action to secure the application against SQL Injection threats.",Sourcecodester,Lost And Found Information System,7.5,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2024-03-06T00:00:00.000Z,0
CVE-2023-5018,https://securityvulnerability.io/vulnerability/CVE-2023-5018,SourceCodester Lost and Found Information System POST Parameter sql injection,"A vulnerability impacting SourceCodester's Lost and Found Information System 1.0 has been identified, originating from the POST Parameter Handler component, specifically in the Master.php file. The flaw allows an attacker to manipulate the 'id' parameter leading to SQL injection, which can be exploited remotely. This could potentially result in unauthorized access to the database, retrieval of sensitive data, or further compromise of the web application.",SourceCodester,Lost and Found Information System,9.8,CRITICAL,0.0015200000489130616,false,,false,false,false,,,false,false,,2023-09-17T04:15:00.000Z,0
CVE-2023-3850,https://securityvulnerability.io/vulnerability/CVE-2023-3850,SourceCodester Lost and Found Information System HTTP POST Request sql injection,"A security vulnerability has been identified in the Lost and Found Information System 1.0 developed by SourceCodester. This issue arises from improper handling of input in the HTTP POST Request Handler, specifically within the file /classes/Master.php?f=delete_category. An attacker can exploit this vulnerability by manipulating the 'id' parameter, which could allow for unauthorized SQL commands to be executed against the database. This remote attack can lead to significant data breaches or compromise of the underlying system.",SourceCodester,Lost and Found Information System,9.8,CRITICAL,0.001769999973475933,false,,false,false,false,,,false,false,,2023-07-23T10:15:00.000Z,0
CVE-2023-3680,https://securityvulnerability.io/vulnerability/CVE-2023-3680,SourceCodester Lost and Found Information System HTTP POST Request sql injection,"A SQL Injection flaw exists in SourceCodester's Lost and Found Information System version 1.0, affecting the HTTP POST Request Handler component. The vulnerability arises from the insecure manipulation of the 'id' argument within the file '/classes/Master.php?f=save_item', allowing an attacker to execute arbitrary SQL queries. This issue can be exploited remotely, potentially leading to unauthorized access or data corruption.",SourceCodester,Lost and Found Information System,9.8,CRITICAL,0.001829999964684248,false,,false,false,false,,,false,false,,2023-07-15T09:15:00.000Z,0
CVE-2023-3679,https://securityvulnerability.io/vulnerability/CVE-2023-3679,SourceCodester Lost and Found Information System HTTP POST Request sql injection,"A vulnerability exists in the SourceCodester Lost and Found Information System version 1.0 due to improper handling of HTTP POST requests within the Master.php component. Specifically, the manipulation of the 'id' parameter can lead to SQL injection attacks, allowing remote adversaries to execute arbitrary SQL commands. This violation of data integrity can result in unauthorized data access and potential data compromise.",SourceCodester,Lost and Found Information System,9.8,CRITICAL,0.001829999964684248,false,,false,false,false,,,false,false,,2023-07-15T09:15:00.000Z,0
CVE-2023-3177,https://securityvulnerability.io/vulnerability/CVE-2023-3177,SourceCodester Lost and Found Information System view_inquiry.php sql injection,A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.,Sourcecodester,Lost And Found Information System,6.3,MEDIUM,0.002730000065639615,false,,false,false,false,,,false,false,,2023-06-09T06:16:00.000Z,0
CVE-2023-3176,https://securityvulnerability.io/vulnerability/CVE-2023-3176,SourceCodester Lost and Found Information System manage_user.php sql injection,"A SQL injection vulnerability exists in the SourceCodester Lost and Found Information System, specifically in the file admin/user/manage_user.php. This flaw allows remote attackers to manipulate the 'id' argument, potentially leading to unauthorized access or data manipulation. Exploiting this vulnerability could enable attackers to execute arbitrary SQL queries, compromising the integrity of the database. This issue has been publicly disclosed, emphasizing the importance of immediate remediation for affected installations to ensure security.",SourceCodester,Lost and Found Information System,8.8,HIGH,0.002730000065639615,false,,false,false,false,,,false,false,,2023-06-09T06:16:00.000Z,0
CVE-2023-3017,https://securityvulnerability.io/vulnerability/CVE-2023-3017,SourceCodester Lost and Found Information System Manage User Page cross site scripting,A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/?page=user/manage_user of the component Manage User Page. The manipulation of the argument First Name/Middle Name/Last Name leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230361 was assigned to this vulnerability.,SourceCodester,Lost and Found Information System,5.4,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-05-31T15:15:00.000Z,0
CVE-2023-3018,https://securityvulnerability.io/vulnerability/CVE-2023-3018,SourceCodester Lost and Found Information System access control,"A vulnerability has been identified in the SourceCodester Lost and Found Information System 1.0 that allows for improper access controls within the application. This weakness can be exploited remotely, providing malicious users with the ability to gain unauthorized access to sensitive functionalities within the system. The vulnerability resides in the administrative interface, specifically affecting the /admin/?page=user/list endpoint, where inadequate permissions may expose user data and administrative actions. Given that the exploit has been publicly disclosed, organizations using this version of the Lost and Found Information System should take immediate measures to secure their systems.",SourceCodester,Lost and Found Information System,8.8,HIGH,0.0028299998957663774,false,,false,false,false,,,false,false,,2023-05-31T15:15:00.000Z,0
CVE-2023-2698,https://securityvulnerability.io/vulnerability/CVE-2023-2698,SourceCodester Lost and Found Information System GET Parameter sql injection,"The Lost and Found Information System by SourceCodester is susceptible to an SQL injection vulnerability due to insufficient validation of user input in the file admin/?page=items/manage_item. An attacker can manipulate the 'id' parameter in GET requests, allowing for unauthorized access to the database and potential data leaks. This vulnerability is particularly dangerous as it can be exploited remotely, putting sensitive data at risk. The exploit is publicly available, highlighting the importance of promptly addressing this security issue.",SourceCodester,Lost and Found Information System,9.8,CRITICAL,0.010409999638795853,false,,false,false,false,,,false,false,,2023-05-14T12:15:00.000Z,0
CVE-2023-2699,https://securityvulnerability.io/vulnerability/CVE-2023-2699,SourceCodester Lost and Found Information System GET Parameter sql injection,"A security flaw has been identified within the SourceCodester Lost and Found Information System version 1.0. This vulnerability resides in the admin panel, specifically in the GET parameter handler associated with the file admin/?page=items/view_item. By manipulating the 'id' argument, an attacker could execute SQL injection attacks. This issue can be exploited remotely, allowing unauthorized access to sensitive data. The vulnerability details have been publicly disclosed, increasing the risk of exploitation.",SourceCodester,Lost and Found Information System,9.8,CRITICAL,0.007230000104755163,false,,false,false,false,,,false,false,,2023-05-14T12:15:00.000Z,0
CVE-2023-2672,https://securityvulnerability.io/vulnerability/CVE-2023-2672,SourceCodester Lost and Found Information System GET Parameter view.php sql injection,"A SQL injection vulnerability exists in the Lost and Found Information System (version 1.0) due to improper handling of GET parameters in the items/view.php file. This allows attackers to manipulate the 'id' argument, enabling the execution of unauthorized SQL commands on the server. Remote attackers can exploit this vulnerability, potentially compromising the application's database and exposing sensitive information.",SourceCodester,Lost and Found Information System,9.8,CRITICAL,0.0026400000788271427,false,,false,false,false,,,false,false,,2023-05-12T09:15:00.000Z,0
CVE-2023-2671,https://securityvulnerability.io/vulnerability/CVE-2023-2671,SourceCodester Lost and Found Information System Contact Form cross site scripting,A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228887.,Sourcecodester,Lost And Found Information System,3.5,LOW,0.0007999999797903001,false,,false,false,false,,,false,false,,2023-05-12T09:15:00.000Z,0
CVE-2023-2670,https://securityvulnerability.io/vulnerability/CVE-2023-2670,SourceCodester Lost and Found Information System access control,"A vulnerability in SourceCodester's Lost and Found Information System 1.0 allows for improper access controls, particularly within the file admin/?page=user/manage_user. This flaw can be exploited remotely, giving unauthorized individuals potential access to sensitive functionalities. As the details of this exploit have been disclosed to the public, it poses a significant risk if not addressed promptly.",SourceCodester,Lost and Found Information System,8.8,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2023-05-12T08:15:00.000Z,0
CVE-2023-2669,https://securityvulnerability.io/vulnerability/CVE-2023-2669,SourceCodester Lost and Found Information System GET Parameter sql injection,"A vulnerability exists in the Lost and Found Information System by SourceCodester, where improper handling of GET parameters in the admin panel allows attackers to manipulate the 'id' argument. This flaw can lead to direct SQL injection attacks, enabling unauthorized access to sensitive data. Attackers can exploit this vulnerability remotely, posing a significant risk to the integrity and confidentiality of the database.",SourceCodester,Lost and Found Information System,9.8,CRITICAL,0.0026400000788271427,false,,false,false,false,,,false,false,,2023-05-12T08:15:00.000Z,0
CVE-2023-2667,https://securityvulnerability.io/vulnerability/CVE-2023-2667,SourceCodester Lost and Found Information System cross site scripting,A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228883.,Sourcecodester,Lost And Found Information System,3.5,LOW,0.0007999999797903001,false,,false,false,false,,,false,false,,2023-05-12T07:15:00.000Z,0
CVE-2023-2668,https://securityvulnerability.io/vulnerability/CVE-2023-2668,SourceCodester Lost and Found Information System GET Parameter manager_category sql injection,"A critical SQL injection vulnerability exists in SourceCodester's Lost and Found Information System 1.0. This issue lies in the 'manager_category' function located in the admin component's GET Parameter Handler. Through manipulation of the argument 'id', an attacker can execute malicious SQL commands, potentially leading to unauthorized data access. This vulnerability can be exploited remotely, increasing the risk for users. The details of this vulnerability have been made public, heightening the urgency for affected parties to implement appropriate security measures.",SourceCodester,Lost and Found Information System,9.8,CRITICAL,0.0026400000788271427,false,,false,false,false,,,false,false,,2023-05-12T07:15:00.000Z,0
CVE-2023-2653,https://securityvulnerability.io/vulnerability/CVE-2023-2653,SourceCodester Lost and Found Information System index.php sql injection,"An SQL injection vulnerability has been identified in the SourceCodester Lost and Found Information System version 1.0, specifically affecting the items/index.php file. By manipulating the 'cid' argument, remote attackers can exploit this vulnerability to execute arbitrary SQL code, potentially compromising the underlying database. As the exploit has been publicly disclosed, it poses a significant risk to users of the affected software.",SourceCodester,Lost and Found Information System,9.8,CRITICAL,0.0026400000788271427,false,,false,false,false,,,false,false,,2023-05-11T09:15:00.000Z,0
CVE-2023-2652,https://securityvulnerability.io/vulnerability/CVE-2023-2652,SourceCodester Lost and Found Information System sql injection,"A SQL injection vulnerability exists in the SourceCodester Lost and Found Information System version 1.0, specifically within the function located at /classes/Master.php?f=delete_item. This flaw allows attackers to execute malicious SQL commands remotely, potentially exposing sensitive data or compromising the application’s integrity. The vulnerability is publicly known, increasing the risk of exploitation, and it is crucial for users of the affected version to apply the necessary security measures and updates to mitigate risks.",SourceCodester,Lost and Found Information System,9.8,CRITICAL,0.0026400000788271427,false,,false,false,false,,,false,false,,2023-05-11T09:15:00.000Z,0