cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7911,https://securityvulnerability.io/vulnerability/CVE-2024-7911,File Inclusion Vulnerability in SourceCodester Simple Online Bidding System,"A critical security flaw has been discovered in the SourceCodester Simple Online Bidding System version 1.0, affecting the bidding index.php file. This vulnerability allows attack vectors where malicious users can manipulate the 'page' argument to perform unauthorized file inclusion. The exploitation of this flaw can be executed remotely, potentially exposing sensitive system files and posing a significant security threat to users and organizations utilizing this software. The exploit has been publicly disclosed, and immediate actions should be taken to mitigate associated risks.",SourceCodester,Simple Online Bidding System,9.8,CRITICAL,0.0019399999873712659,false,,false,false,false,,,false,false,,2024-08-18T20:15:00.000Z,0
CVE-2024-7800,https://securityvulnerability.io/vulnerability/CVE-2024-7800,SQL Injection Vulnerability in SourceCodester Simple Online Bidding System,"A significant SQL injection vulnerability exists in the SourceCodester Simple Online Bidding System version 1.0, specifically within the /simple-online-bidding-system/bidding/admin/ajax.php file when handling the delete_product action. Attackers can exploit this vulnerability by manipulating the 'id' argument to execute arbitrary SQL commands, potentially leading to unauthorized data access or modification. The exploit can be triggered remotely, increasing the risk to affected systems. Security researchers have publicly disclosed the details of this vulnerability, emphasizing the need for immediate patching to safeguard user data and system integrity.",SourceCodester,Simple Online Bidding System,7.5,HIGH,0.0019199999514967203,false,,false,false,false,,,false,false,,2024-08-15T00:15:00.000Z,0
CVE-2024-7799,https://securityvulnerability.io/vulnerability/CVE-2024-7799,Improper Authorization Vulnerability in SourceCodester Simple Online Bidding System,"A newly discovered vulnerability in SourceCodester's Simple Online Bidding System version 1.0 exposes a critical flaw in the user administration functionality, specifically within the file located at /simple-online-bidding-system/bidding/admin/users.php. This vulnerability allows an attacker to bypass proper authorization mechanisms, enabling unauthorized access to sensitive user data and administrative functions. The attack can be conducted remotely, raising significant security concerns for affected installations. Security experts recommend reviewing system configurations and applying necessary patches to mitigate potential exploitation of this vulnerability.",Sourcecodester,Simple Online Bidding System,7.3,HIGH,0.002730000065639615,false,,false,false,true,2024-08-14T23:15:00.000Z,true,false,false,,2024-08-15T00:15:00.000Z,0
CVE-2024-7798,https://securityvulnerability.io/vulnerability/CVE-2024-7798,SQL Injection Vulnerability in SourceCodester Simple Online Bidding System,"A critical SQL Injection vulnerability has been identified in the SourceCodester Simple Online Bidding System version 1.0. This vulnerability resides within an unspecified feature of the ajax.php script, specifically during the login process. Attackers can manipulate the 'username' parameter to execute unauthorized SQL commands, potentially leading to data exposure or complete system compromise. The vulnerability is remotely exploitable, increasing its severity as it can be leveraged by unauthorized users without any need for local access. With public disclosure of the exploit, organizations using this system are urged to apply necessary patches or embark on mitigation strategies to secure their platforms from potential attacks.",SourceCodester,Simple Online Bidding System,9.8,CRITICAL,0.0013800000306218863,false,,false,false,false,,,false,false,,2024-08-15T00:15:00.000Z,0
CVE-2024-7797,https://securityvulnerability.io/vulnerability/CVE-2024-7797,SQL Injection Vulnerability in SourceCodester Simple Online Bidding System,"A critical SQL injection vulnerability exists in SourceCodester Simple Online Bidding System version 1.0. The flaw resides within the file located at /simple-online-bidding-system/bidding/admin/ajax.php, specifically in the 'login' function, where improper validation of the 'username' argument can be exploited. This vulnerability allows malicious users to perform SQL injection attacks remotely, potentially compromising the integrity and confidentiality of the database. Exploitation of this vulnerability has been publicly disclosed, emphasizing the urgent need for users to update their systems and apply necessary security measures.",SourceCodester,Simple Online Bidding System,9.8,CRITICAL,0.0013800000306218863,false,,false,false,false,,,false,false,,2024-08-15T00:15:00.000Z,0
CVE-2024-6417,https://securityvulnerability.io/vulnerability/CVE-2024-6417,SQL Injection Vulnerability in SourceCodester Simple Online Bidding System,"An SQL injection vulnerability has been discovered in the SourceCodester Simple Online Bidding System version 1.0. This vulnerability arises from inadequately sanitized inputs in the file /admin/ajax.php when processing delete user actions. By manipulating the 'id' parameter, an attacker could execute arbitrary SQL commands on the backend database, compromising the integrity and confidentiality of the stored data. This issue can be exploited remotely, allowing malicious actors to perform unauthorized actions without needing physical access to the system. Security measures should be promptly implemented to patch this vulnerability and prevent possible exploitations, which have already been disclosed publicly.",Sourcecodester,Simple Online Bidding System,7.5,HIGH,0.006320000160485506,false,,false,false,true,2024-06-30T21:31:04.000Z,true,false,false,,2024-06-30T22:31:04.420Z,0
CVE-2024-6280,https://securityvulnerability.io/vulnerability/CVE-2024-6280,Unrestricted File Upload Vulnerability in SourceCodester Simple Online Bidding System,"A serious vulnerability has been discovered in the SourceCodester Simple Online Bidding System version 1.0, specifically located in the /admin/ajax.php file under the save_settings action. This vulnerability stems from the manipulation of the img parameter, which enables unauthorized users to perform unrestricted file uploads. The exploit can be executed remotely, potentially allowing attackers to upload malicious files to the server, leading to a range of security breaches, such as server compromise or data theft. The public disclosure of this vulnerability increases the urgency for affected users to apply necessary security measures.",Sourcecodester,Simple Online Bidding System,9.8,CRITICAL,0.003449999960139394,false,,false,false,true,2024-06-24T02:00:05.000Z,true,false,false,,2024-06-24T03:00:05.504Z,0
CVE-2024-5437,https://securityvulnerability.io/vulnerability/CVE-2024-5437,Cross Site Scripting Vulnerability in Simple Online Bidding System 1.0,A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266442 is the identifier assigned to this vulnerability.,SourceCodester,Simple Online Bidding System,6.1,MEDIUM,0.005109999794512987,false,,false,false,false,,,false,false,,2024-05-29T00:15:00.000Z,0
CVE-2024-5428,https://securityvulnerability.io/vulnerability/CVE-2024-5428,Cross-Site Request Forgery Vulnerability in SourceCodester Simple Online Bidding System,A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function save_product of the file /admin/index.php?page=manage_product of the component HTTP POST Request Handler. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-266383.,Sourcecodester,Simple Online Bidding System,4.3,MEDIUM,0.0025400000158697367,false,,false,false,false,,,false,false,,2024-05-28T13:31:03.731Z,0
CVE-2024-4933,https://securityvulnerability.io/vulnerability/CVE-2024-4933,SQL Injection Flaw in SourceCodester Simple Online Bidding System,"A significant SQL injection vulnerability exists in the SourceCodester Simple Online Bidding System version 1.0, specifically within the administration interface. This flaw can be exploited remotely by manipulating the 'id' parameter in the URL of the file located at /simple-online-bidding-system/admin/index.php?page=manage_product. An attacker could leverage this vulnerability to execute arbitrary SQL commands, potentially allowing unauthorized access to sensitive data or even complete control of the database. It is crucial for users of this system to apply the necessary security patches and review their configurations to mitigate the risk of exploitation. The vulnerability has been disclosed publicly, which necessitates immediate action to prevent potential attacks.",Sourcecodester,Simple Online Bidding System,9.8,CRITICAL,0.00646999990567565,false,,false,false,true,2024-05-16T04:00:04.000Z,true,false,false,,2024-05-16T05:00:04.217Z,0
CVE-2024-4932,https://securityvulnerability.io/vulnerability/CVE-2024-4932,SQL Injection Vulnerability in SourceCodester Simple Online Bidding System,"An SQL injection vulnerability exists within the Simple Online Bidding System developed by SourceCodester, specifically within the admin functionality accessed via the manage_user page. The vulnerability arises from inadequate validation of user-supplied parameters, which allows the malicious manipulation of the 'id' argument in URL requests. Attackers can send crafted requests to exploit this weakness, leading to unauthorized access to the database and potentially compromising sensitive data. The vulnerability poses a serious risk as it can be exploited remotely, making it imperative for users to assess their installations and implement necessary mitigations promptly.",Sourcecodester,Simple Online Bidding System,9.8,CRITICAL,0.00646999990567565,false,,false,false,true,2024-05-16T03:31:05.000Z,true,false,false,,2024-05-16T04:31:05.376Z,0
CVE-2024-4931,https://securityvulnerability.io/vulnerability/CVE-2024-4931,SQL Injection Vulnerability in SourceCodester Simple Online Bidding System,"A critical SQL injection vulnerability exists in the SourceCodester Simple Online Bidding System 1.0. The issue arises from improper validation and processing of the 'id' argument in the file /simple-online-bidding-system/admin/index.php?page=view_udet. This flaw enables an attacker to craft malicious SQL queries, which can lead to unauthorized access to sensitive database information. The remotely exploitable nature of this vulnerability poses a significant risk as it allows malicious actors to execute commands on the database server without the need for authentication. The public disclosure of this vulnerability increases its potential for exploitation, necessitating immediate remedial action for affected users.",Sourcecodester,Simple Online Bidding System,9.8,CRITICAL,0.00646999990567565,false,,false,false,true,2024-05-16T03:31:03.000Z,true,false,false,,2024-05-16T04:31:03.974Z,0
CVE-2024-4930,https://securityvulnerability.io/vulnerability/CVE-2024-4930,SQL Injection Vulnerability in SourceCodester Simple Online Bidding System,"A significant vulnerability has been identified in the SourceCodester Simple Online Bidding System, specifically in the application file at /simple-online-bidding-system/index.php?page=view_prod. The flaw allows for an SQL injection through manipulation of the 'id' parameter, which could be exploited by remote attackers to execute arbitrary SQL commands. This vulnerability poses severe risks as attackers can gain unauthorized access to sensitive data or execute destructive operations within the database. The exploit has already been disclosed, prompting the need for immediate attention to secure systems against potential attacks.",Sourcecodester,Simple Online Bidding System,8.8,HIGH,0.009469999931752682,false,,false,false,true,2024-05-16T03:00:04.000Z,true,false,false,,2024-05-16T04:00:04.746Z,0
CVE-2024-4929,https://securityvulnerability.io/vulnerability/CVE-2024-4929,Cross-Site Request Forgery Vulnerability in Simple Online Bidding System 1.0,A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264465 was assigned to this vulnerability.,Sourcecodester,Simple Online Bidding System,4.3,MEDIUM,0.0050200000405311584,false,,false,false,true,2024-05-16T02:31:04.000Z,true,false,false,,2024-05-16T03:31:04.697Z,0
CVE-2024-4928,https://securityvulnerability.io/vulnerability/CVE-2024-4928,SQL Injection Vulnerability in SourceCodester Simple Online Bidding System,"An SQL injection vulnerability has been identified in the SourceCodester Simple Online Bidding System version 1.0, which allows unauthorized remote attackers to manipulate SQL queries through the insecure handling of the 'id' parameter in the ajax.php file during category deletion actions. This vulnerability can lead to unauthorized access to sensitive data or potential database compromise. Given its public disclosure, it is imperative that users and administrators of this system take immediate action to apply necessary patches and implement security measures to safeguard against potential exploits.",Sourcecodester,Simple Online Bidding System,9.8,CRITICAL,0.009320000186562538,false,,false,false,true,2024-05-16T02:00:05.000Z,true,false,false,,2024-05-16T03:00:05.075Z,0
CVE-2024-4927,https://securityvulnerability.io/vulnerability/CVE-2024-4927,Unrestricted File Upload in SourceCodester Simple Online Bidding System,"A critical security vulnerability exists in SourceCodester's Simple Online Bidding System version 1.0, specifically within the functionality of the file located at /simple-online-bidding-system/admin/ajax.php?action=save_product. This flaw allows attackers to perform unrestricted file uploads, potentially enabling them to execute arbitrary code or upload malicious files to the server. The vulnerability can be exploited remotely, increasing the threat level, as it poses a significant risk to data integrity and system security. Awareness and prompt action can mitigate the impact of this vulnerability on affected systems.",Sourcecodester,Simple Online Bidding System,9.8,CRITICAL,0.010259999893605709,false,,false,false,true,2024-05-16T01:31:03.000Z,true,false,false,,2024-05-16T02:31:03.908Z,0
CVE-2024-2077,https://securityvulnerability.io/vulnerability/CVE-2024-2077,SQL Injection Vulnerability in SourceCodester Simple Online Bidding System,"A vulnerability has been identified within the SourceCodester Simple Online Bidding System, specifically in the index.php file. This vulnerability arises from improper handling of input parameters related to the category_id, leading to a potential SQL injection. This flaw allows an attacker to manipulate SQL queries executed by the application, facilitating unauthorized access to the database and the potential extraction of sensitive information. The attack can be executed remotely, posing a significant risk to users of the affected system.",Sourcecodester,Simple Online Bidding System,9.8,CRITICAL,0.0012100000167265534,false,,false,false,true,2024-03-01T18:31:08.000Z,true,false,false,,2024-03-01T18:31:08.487Z,0