cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-2332,https://securityvulnerability.io/vulnerability/CVE-2024-2332,SQL Injection Vulnerability in SourceCodester Online Mobile Management Store,"A security vulnerability has been identified within SourceCodester's Online Mobile Management Store version 1.0, specifically in the handling of HTTP GET requests via the file /admin/maintenance/manage_category.php. This flaw allows for SQL injection attacks through manipulation of the 'id' argument. Attackers can exploit this vulnerability remotely, which raises significant concerns regarding data integrity and unauthorized data access. As this issue has been disclosed publicly, it is crucial for users and administrators to implement security measures swiftly to mitigate potential risks associated with this vulnerability. Further details and technical insights can be found in the associated resources.",Sourcecodester,Online Mobile Management Store,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-03-09T14:00:09.000Z,true,false,false,,2024-03-09T14:00:09.399Z,0
CVE-2024-2154,https://securityvulnerability.io/vulnerability/CVE-2024-2154,SQL Injection Vulnerability in SourceCodester Online Mobile Management Store,"An SQL injection vulnerability has been identified in the SourceCodester Online Mobile Management Store version 1.0. This flaw resides in the view_product.php file and is triggered by the manipulation of the 'id' argument. Attackers can initiate this exploit remotely, potentially allowing unauthorized access to the database. As the details of this vulnerability are now public, it poses a significant risk to all users of the affected product. It is crucial for stakeholders to apply necessary updates or mitigation measures to protect against potential exploitation.",Sourcecodester,Online Mobile Management Store,9.8,CRITICAL,0.0007800000021234155,false,,false,false,true,2024-03-04T00:31:05.000Z,true,false,false,,2024-03-04T00:31:05.949Z,0
CVE-2024-2153,https://securityvulnerability.io/vulnerability/CVE-2024-2153,SQL Injection Vulnerability in SourceCodester Online Mobile Management Store,"A significant vulnerability has been identified in the SourceCodester Online Mobile Management Store version 1.0, specifically within the /admin/orders/view_order.php file. This vulnerability arises from improper handling of the 'id' parameter, which can be manipulated to execute SQL injection attacks. Attackers can potentially exploit this weakness to access, modify, or delete database records without proper authorization. As the vulnerability has been made public, it poses a substantial risk to users of the affected software, making timely remediation essential to safeguard data integrity and security.",Sourcecodester,Online Mobile Management Store,9.8,CRITICAL,0.0007800000021234155,false,,false,false,true,2024-03-04T00:31:04.000Z,true,false,false,,2024-03-04T00:31:04.600Z,0
CVE-2024-2151,https://securityvulnerability.io/vulnerability/CVE-2024-2151,Remote Code Execution Vulnerability in SourceCodester Online Mobile Management Store 1.0,"The vulnerability within the SourceCodester Online Mobile Management Store involves an issue in the product price handling component where the argument 'quantity' can be manipulated. This manipulation, specifically by providing a negative value of -1, can lead to unexpected business logic errors, potentially allowing for unauthorized actions or incorrect pricing calculations. The threat can be initiated remotely, making systems that utilize this component susceptible to exploitation. Public disclosure of this vulnerability raises significant concerns regarding its exploitation in the wild, emphasizing the need for immediate attention and remediation.",SourceCodester,Online Mobile Store Management System,5.3,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-03-04T00:15:00.000Z,0
CVE-2024-2152,https://securityvulnerability.io/vulnerability/CVE-2024-2152,SQL Injection Vulnerability in SourceCodester Online Mobile Management Store,"A security vulnerability has been identified in SourceCodester's Online Mobile Management Store version 1.0, specifically within the manage_product.php file. This issue arises from improper handling of the 'id' parameter, leading to SQL injection risks. Attackers may exploit this vulnerability remotely, allowing them to execute unauthorized SQL commands. Given that this vulnerability has been disclosed publicly, it poses a significant risk to users of the product who have not applied necessary security measures or patches. Organizations using this software should prioritize evaluating their systems, applying security updates, and implementing best practices to mitigate potential attacks.",Sourcecodester,Online Mobile Management Store,9.8,CRITICAL,0.0007900000200606883,false,,false,false,true,2024-03-04T00:15:00.000Z,true,false,false,,2024-03-04T00:15:00.000Z,0
CVE-2024-2148,https://securityvulnerability.io/vulnerability/CVE-2024-2148,Unrestricted File Upload Vulnerability in SourceCodester Online Mobile Management Store,"A vulnerability has been identified in SourceCodester's Online Mobile Management Store version 1.0, specifically affecting the Users.php component. This vulnerability allows attackers to manipulate the 'img' argument, leading to unrestricted file uploads. As a result, it can be exploited remotely, potentially enabling unauthorized access and control over the affected system. The exploit has been made public, raising security concerns and the need for immediate attention from users and administrators of this software. For further details and technical insights, refer to the VDB-255501 entry.",Sourcecodester,Online Mobile Management Store,8.8,HIGH,0.0013800000306218863,false,,false,false,true,2024-03-03T17:00:07.000Z,true,false,false,,2024-03-03T17:00:07.167Z,0
CVE-2024-2147,https://securityvulnerability.io/vulnerability/CVE-2024-2147,SQL Injection Vulnerability in SourceCodester Online Mobile Management Store,"A vulnerability was identified in the SourceCodester Online Mobile Management Store 1.0, specifically within the /admin/login.php file. This issue arises when the username parameter can be manipulated, resulting in potential SQL injection attacks. Such an attack allows unauthorized users to access or manipulate the database remotely, leading to data exposure or further compromise of the system. The vulnerability has been publicly disclosed, emphasizing the need for immediate remediation to safeguard user data and system integrity.",Sourcecodester,Online Mobile Management Store,9.8,CRITICAL,0.0017500000540167093,false,,false,false,true,2024-03-03T16:31:04.000Z,true,false,false,,2024-03-03T16:31:04.629Z,0
CVE-2024-2146,https://securityvulnerability.io/vulnerability/CVE-2024-2146,Cross Site Scripting Vulnerability in SourceCodester Online Mobile Management Store 1.0,"A notable cross-site scripting (XSS) vulnerability has been identified in the SourceCodester Online Mobile Management Store version 1.0. This issue resides within the functionality associated with the /?p=products file, where improper handling of input allows an attacker to manipulate the search argument. Such manipulation can lead to the execution of malicious scripts in the context of a user's session, potentially compromising sensitive information and user data. The vulnerability can be exploited remotely, making it a significant concern for users of this platform. Public disclosure of the exploit further emphasizes the need for immediate remediation steps.",Sourcecodester,Online Mobile Management Store,6.1,MEDIUM,0.0006000000284984708,false,,false,false,true,2024-03-03T14:31:04.000Z,true,false,false,,2024-03-03T14:31:04.104Z,0
CVE-2024-2145,https://securityvulnerability.io/vulnerability/CVE-2024-2145,Cross Site Scripting Vulnerability in /endpoint/update-tracker.php Could Allow Remote Attacks,A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255498 is the identifier assigned to this vulnerability.,Sourcecodester,Online Mobile Management Store,3.5,LOW,0.00044999999227002263,false,,false,false,true,2024-03-03T14:00:07.000Z,true,false,false,,2024-03-03T14:00:07.669Z,0