cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-6267,https://securityvulnerability.io/vulnerability/CVE-2024-6267,Cross Site Scripting Vulnerability in System Info Page,A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file system_info/index.php of the component System Info Page. The manipulation of the argument System Name/System Short Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269479.,Sourcecodester,Service Provider Management System,4.8,MEDIUM,0.0008900000248104334,false,,false,false,true,2024-06-23T05:00:06.000Z,true,false,false,,2024-06-23T06:00:06.027Z,0
CVE-2023-3644,https://securityvulnerability.io/vulnerability/CVE-2023-3644,SourceCodester Service Provider Management System sql injection,"An identified SQL injection vulnerability exists in the SourceCodester Service Provider Management System version 1.0. Specifically, it targets an argument within the file /classes/Master.php?f=save_inquiry. Attackers may exploit this vulnerability remotely, allowing for unauthorized manipulation of database queries through the injection of malicious code. This flaw underscores the importance of input validation and secure coding practices to mitigate the risk of database exposure and potential data breaches.",SourceCodester,Service Provider Management System,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-07-12T18:15:00.000Z,0
CVE-2023-3120,https://securityvulnerability.io/vulnerability/CVE-2023-3120,SourceCodester Service Provider Management System view_service.php sql injection,"A SQL injection vulnerability exists in the SourceCodester Service Provider Management System 1.0 due to improper handling of the 'id' argument in the file view_service.php. This flaw allows attackers to manipulate SQL queries, potentially enabling them to execute arbitrary SQL commands. As a result, a remote attacker may exploit this vulnerability to compromise the database, extract sensitive information, or execute other malicious activities. It is crucial for organizations using this system to apply necessary security patches and updates to mitigate potential risks.",SourceCodester,Service Provider Management System,7.2,HIGH,0.0017000000225380063,false,,false,false,false,,,false,false,,2023-06-06T11:15:00.000Z,0
CVE-2023-3119,https://securityvulnerability.io/vulnerability/CVE-2023-3119,SourceCodester Service Provider Management System view.php sql injection,"The SourceCodester Service Provider Management System 1.0 has a vulnerability in the view.php file where improper handling of the 'id' argument allows remote attackers to manipulate inputs, leading to SQL injection. This can enable unauthorized access to the database, allowing the attacker to execute malicious SQL queries. As the vulnerability has been publicly disclosed, it heightens the urgency for affected users to apply upgrades or protective measures.",SourceCodester,Service Provider Management System,8.8,HIGH,0.002730000065639615,false,,false,false,false,,,false,false,,2023-06-06T11:15:00.000Z,0
CVE-2023-2769,https://securityvulnerability.io/vulnerability/CVE-2023-2769,SourceCodester Service Provider Management System sql injection,"A SQL injection vulnerability has been identified in SourceCodester's Service Provider Management System 1.0, specifically in the file /classes/Master.php?f=delete_service. This weakness allows attackers to manipulate the 'id' parameter, potentially enabling remote exploitation. With public disclosure of the exploit, this issue poses a significant risk, necessitating immediate attention and remediation for affected users.",SourceCodester,Service Provider Management System,8.8,HIGH,0.003289999905973673,false,,false,false,false,,,false,false,,2023-05-17T18:15:00.000Z,0
CVE-2023-2349,https://securityvulnerability.io/vulnerability/CVE-2023-2349,SourceCodester Service Provider Management System index.php cross site scripting,A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227592.,Sourcecodester,Service Provider Management System,3.5,LOW,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-04-27T16:15:00.000Z,0
CVE-2023-2350,https://securityvulnerability.io/vulnerability/CVE-2023-2350,SourceCodester Service Provider Management System Users.php cross site scripting,A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227593 was assigned to this vulnerability.,SourceCodester,Service Provider Management System,5.4,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-04-27T16:15:00.000Z,0
CVE-2023-2346,https://securityvulnerability.io/vulnerability/CVE-2023-2346,SourceCodester Service Provider Management System view_inquiry.php sql injection,"A vulnerability exists in SourceCodester's Service Provider Management System (version 1.0) located in the file /admin/inquiries/view_inquiry.php. The issue arises from improper handling of the 'id' argument, allowing an attacker to execute SQL injection attacks remotely. This flaw could lead to unauthorized data access or manipulation, potentially compromising the integrity and confidentiality of the system. Public disclosure of this vulnerability has been made, highlighting the necessity for immediate attention and remediation.",SourceCodester,Service Provider Management System,9.8,CRITICAL,0.010409999638795853,false,,false,false,false,,,false,false,,2023-04-27T15:15:00.000Z,0
CVE-2023-2345,https://securityvulnerability.io/vulnerability/CVE-2023-2345,SourceCodester Service Provider Management System improper authorization,"An improper authorization vulnerability has been identified in the SourceCodester Service Provider Management System 1.0. This flaw resides within the file /classes/Master.php?f=delete_inquiry, where an attacker can manipulate the functionality to gain unauthorized access. The vulnerability allows remote exploitation, posing significant security risks to the system and its users.",Sourcecodester,Service Provider Management System,6.3,MEDIUM,0.005260000005364418,false,,false,false,false,,,false,false,,2023-04-27T15:15:00.000Z,0
CVE-2023-2347,https://securityvulnerability.io/vulnerability/CVE-2023-2347,SourceCodester Service Provider Management System manage_service.php sql injection,A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227590 is the identifier assigned to this vulnerability.,Sourcecodester,Service Provider Management System,6.3,MEDIUM,0.010409999638795853,false,,false,false,false,,,false,false,,2023-04-27T15:15:00.000Z,0
CVE-2023-2348,https://securityvulnerability.io/vulnerability/CVE-2023-2348,SourceCodester Service Provider Management System manage_user.php sql injection,"A SQL injection vulnerability exists in the SourceCodester Service Provider Management System 1.0, specifically within the file /admin/user/manage_user.php. An attacker could manipulate the 'id' parameter to execute arbitrary SQL commands on the database. This vulnerability can be exploited remotely, allowing malicious actors to gain unauthorized access to sensitive data. The exploit has been publicly disclosed, raising concerns for users of this system to implement necessary security measures promptly.",SourceCodester,Service Provider Management System,9.8,CRITICAL,0.010409999638795853,false,,false,false,false,,,false,false,,2023-04-27T15:15:00.000Z,0
CVE-2023-2344,https://securityvulnerability.io/vulnerability/CVE-2023-2344,SourceCodester Service Provider Management System HTTP POST Request sql injection,"A SQL injection vulnerability has been identified in SourceCodester's Service Provider Management System 1.0. This vulnerability resides within the HTTP POST Request Handler, specifically in the manipulation of the argument name in the file /classes/Master.php?f=save_service. Attackers can exploit this weakness remotely, potentially gaining unauthorized access to the database and compromising sensitive information. Public disclosure of the exploit has raised concerns, urging users to apply recommended security measures immediately to mitigate the risks.",SourceCodester,Service Provider Management System,9.8,CRITICAL,0.007230000104755163,false,,false,false,false,,,false,false,,2023-04-27T14:15:00.000Z,0