cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-9319,https://securityvulnerability.io/vulnerability/CVE-2024-9319,SQL Injection Vulnerability in SourceCodester Online Timesheet Application,"A serious SQL injection vulnerability has been identified in the SourceCodester Online Timesheet App version 1.0. The flaw resides in the /endpoint/delete-timesheet.php file, where improper validation of user-supplied input allows attackers to exploit the 'timesheet' argument. This vulnerability enables potential remote attackers to execute arbitrary SQL queries against the database, which could lead to unauthorized data access, data manipulation, and significant compromise of sensitive information. Due to its remote exploitability, organizations using this application must take immediate action to patch the vulnerability and protect their data integrity.",SourceCodester,Online Timesheet App,8.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2024-09-29T00:15:00.000Z,0
CVE-2024-9320,https://securityvulnerability.io/vulnerability/CVE-2024-9320,Cross Site Scripting Vulnerability in Online Timesheet App 1.0,A vulnerability has been found in SourceCodester Online Timesheet App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /endpoint/add-timesheet.php of the component Add Timesheet Form. The manipulation of the argument day/task leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.,SourceCodester,Online Timesheet App,5.4,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-09-29T00:15:00.000Z,0