cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7813,https://securityvulnerability.io/vulnerability/CVE-2024-7813,Insufficiently Protected Credentials in Profile Image Handler Could Lead to Remote Exploitation,"A vulnerability exists in the SourceCodester Prison Management System 1.0 due to insufficiently protected credentials in the Profile Image Handler component. This issue may allow unauthorized remote attacks that manipulate the file located at /uploadImage/Profile/. The vulnerability exposes sensitive information, potentially enabling attackers to gain access to user credentials without proper safeguards. The public disclosure of this exploit heightens the urgency for affected users to take proactive measures to mitigate risk.",Sourcecodester,Prison Management System,7.5,HIGH,0.0029299999587237835,false,,false,false,true,2024-08-15T02:00:08.000Z,true,false,false,,2024-08-15T03:00:08.118Z,0
CVE-2024-4645,https://securityvulnerability.io/vulnerability/CVE-2024-4645,Cross Site Scripting Vulnerability in Prison Management System 1.0,A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263489 was assigned to this vulnerability.,Sourcecodester,Prison Management System,3.5,LOW,0.00044999999227002263,false,,false,false,true,2024-05-08T11:31:04.000Z,true,false,false,,2024-05-08T12:31:04.798Z,0
CVE-2024-4644,https://securityvulnerability.io/vulnerability/CVE-2024-4644,Cross Site Scripting Vulnerability in Prison Management System 1.0,A vulnerability has been found in SourceCodester Prison Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /Employee/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263488.,Sourcecodester,Prison Management System,3.5,LOW,0.00044999999227002263,false,,false,false,true,2024-05-08T10:31:03.000Z,true,false,false,,2024-05-08T11:31:03.760Z,0
CVE-2024-4528,https://securityvulnerability.io/vulnerability/CVE-2024-4528,Cross Site Scripting Vulnerability in Prison Management System 1.0,A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/user-record.php. The manipulation of the argument txtfullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263131.,Sourcecodester,Prison Management System,2.4,LOW,0.00044999999227002263,false,,false,false,true,2024-05-06T05:31:04.000Z,true,false,false,,2024-05-06T06:31:04.328Z,0
CVE-2024-4512,https://securityvulnerability.io/vulnerability/CVE-2024-4512,Cross Site Scripting Vulnerability in Prison Management System 1.0,A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/edit-profile.php. The manipulation of the argument txtfullname/txtdob/txtaddress/txtqualification/cmddept/cmdemployeetype/txtappointment leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263116.,Sourcecodester,Prison Management System,3.5,LOW,0.00044999999227002263,false,,false,false,true,2024-05-06T00:31:04.000Z,true,false,false,,2024-05-06T01:31:04.141Z,0
CVE-2024-4500,https://securityvulnerability.io/vulnerability/CVE-2024-4500,Unrestricted Photo Upload Vulnerability in SourceCodester Prison Management System 1.0,A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Employee/edit-photo.php. The manipulation of the argument userImage leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263104.,Sourcecodester,Prison Management System,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-05-05T17:00:04.000Z,true,false,false,,2024-05-05T18:00:04.947Z,0
CVE-2024-3443,https://securityvulnerability.io/vulnerability/CVE-2024-3443,Cross Site Scripting Vulnerability in /Employee/apply_leave.php Could Allow Remote Attack,A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/apply_leave.php. The manipulation of the argument txtstart_date/txtend_date leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259696.,Sourcecodester,Prison Management System,3.5,LOW,0.00044999999227002263,false,,false,false,true,2024-04-08T14:00:05.000Z,true,false,false,,2024-04-08T15:00:05.527Z,0
CVE-2024-3442,https://securityvulnerability.io/vulnerability/CVE-2024-3442,SQL Injection Vulnerability in SourceCodester Prison Management System,"A critical SQL injection vulnerability has been identified in the SourceCodester Prison Management System version 1.0, specifically affecting the /Employee/delete_leave.php file. This vulnerability allows remote attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data or system compromise. The vulnerability has been made public, making it imperative for users of this software to implement immediate security measures to safeguard against possible exploits. Regular updates and patches should be monitored to ensure system integrity and security.",Sourcecodester,Prison Management System,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-04-08T13:31:04.000Z,true,false,false,,2024-04-08T14:31:04.424Z,0
CVE-2024-3441,https://securityvulnerability.io/vulnerability/CVE-2024-3441,SQL Injection Vulnerability in SourceCodester Prison Management System,"A significant SQL injection vulnerability exists in the SourceCodester Prison Management System version 1.0. This flaw is present in the 'edit-profile.php' file within the employee management module. An attacker could remotely exploit this vulnerability to manipulate database queries, potentially leading to exposure of sensitive data and further compromise of the application's integrity. The public disclosure of this vulnerability heightens the risk, emphasizing the urgency for users to apply necessary patches or updates to safeguard their systems.",Sourcecodester,Prison Management System,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-04-08T13:00:06.000Z,true,false,false,,2024-04-08T14:00:06.372Z,0
CVE-2024-3440,https://securityvulnerability.io/vulnerability/CVE-2024-3440,SQL Injection Vulnerability in SourceCodester Prison Management System,"A significant vulnerability exists within the SourceCodester Prison Management System 1.0 that allows for SQL injection attacks through the admin interface, specifically at the file path /Admin/edit_profile.php. This vulnerability can be exploited by remote attackers, enabling them to manipulate SQL queries executed by the application. The public disclosure of the vulnerability has raised concerns regarding its potential misuse. Organizations utilizing this software are advised to implement immediate security measures to mitigate any risk associated with unauthorized access and data breaches. It is crucial to remain vigilant and regularly update software to protect against emerging threats.",Sourcecodester,Prison Management System,4.7,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-04-08T13:00:04.000Z,true,false,false,,2024-04-08T14:00:04.825Z,0
CVE-2024-3439,https://securityvulnerability.io/vulnerability/CVE-2024-3439,SQL Injection Vulnerability in SourceCodester Prison Management System,"A prominent SQL injection vulnerability was identified in the login function of the SourceCodester Prison Management System version 1.0. This security flaw allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized access and manipulation of the underlying database. The vulnerability is particularly concerning because it can be exploited remotely, meaning that an attacker does not need physical access to the system to execute their malicious actions. With the exploit publicly disclosed, it poses a significant risk to the security and integrity of data managed by the Prison Management System. Organizations using this software must act swiftly to patch their systems and mitigate potential attacks.",Sourcecodester,Prison Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-04-08T10:31:05.000Z,true,false,false,,2024-04-08T11:31:05.079Z,0
CVE-2024-3438,https://securityvulnerability.io/vulnerability/CVE-2024-3438,SQL Injection Vulnerability in SourceCodester Prison Management System,"A critical SQL injection vulnerability has been identified in version 1.0 of the SourceCodester Prison Management System. This vulnerability occurs in the /Admin/login.php file, allowing an attacker to execute arbitrary SQL queries by manipulating parameters. The exploitation of this vulnerability can be initiated remotely, posing significant risks to the confidentiality and integrity of the system's database. Public disclosure of the exploit has raised concerns about its potential misuse. Organizations using this system must take immediate steps to implement security measures and update their systems to mitigate the risk.",Sourcecodester,Prison Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-04-08T10:00:04.000Z,true,false,false,,2024-04-08T11:00:04.899Z,0
CVE-2024-3437,https://securityvulnerability.io/vulnerability/CVE-2024-3437,Unrestricted File Upload Vulnerability in SourceCodester Prison Management System,"A critical security issue has been identified within the SourceCodester Prison Management System, particularly in version 1.0. The vulnerability pertains to the /Admin/add-admin.php component of the Avatar Handler, where improper handling of the avatar argument allows for unrestricted file uploads. This presents a significant risk as it enables remote attackers to exploit this flaw, potentially leading to the execution of malicious files on the server. As details of this vulnerability are publicly disclosed, it is essential for users and administrators to take immediate precautions to mitigate the risks associated with this exploit.",Sourcecodester,Prison Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-04-07T23:15:00.000Z,true,false,false,,2024-04-08T00:15:00.000Z,0
CVE-2024-3436,https://securityvulnerability.io/vulnerability/CVE-2024-3436,Unrestricted Photo Upload Vulnerability in Prison Management System,"A vulnerability in the SourceCodester Prison Management System version 1.0 has been identified, affecting the Avatar Handler component found in the file /Admin/edit-photo.php. This flaw allows an attacker to manipulate the avatar argument, enabling unrestricted upload of files. The nature of this vulnerability can lead to remote exploitation, allowing unauthorized access and potential execution of malicious code. The exploit has already been disclosed publicly, heightening security concerns for all users of the platform. Organizations using this product should take immediate measures to mitigate the associated risks.",Sourcecodester,Prison Management System,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-04-07T23:15:00.000Z,true,false,false,,2024-04-08T00:15:00.000Z,0
CVE-2022-2018,https://securityvulnerability.io/vulnerability/CVE-2022-2018,SourceCodester Prison Management System Inmate sql injection,"A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",Sourcecodester,Prison Management System,4.7,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-06-09T16:15:00.000Z,0
CVE-2022-2017,https://securityvulnerability.io/vulnerability/CVE-2022-2017,SourceCodester Prison Management System Visit view_visit.php sql injection,"A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",Sourcecodester,Prison Management System,4.7,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-06-09T16:15:00.000Z,0
CVE-2022-2020,https://securityvulnerability.io/vulnerability/CVE-2022-2020,SourceCodester Prison Management System System Name cross site scripting,"A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",Sourcecodester,Prison Management System,2.4,LOW,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-06-09T16:15:00.000Z,0
CVE-2022-2019,https://securityvulnerability.io/vulnerability/CVE-2022-2019,SourceCodester Prison Management System New User Creation improper authorization,A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.,Sourcecodester,Prison Management System,7.3,HIGH,0.0008099999977275729,false,,false,false,false,,,false,false,,2022-06-09T16:15:00.000Z,0