cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-3042,https://securityvulnerability.io/vulnerability/CVE-2024-3042,SQL Injection Vulnerability in SourceCodester Simple Subscription Website,"A critical vulnerability has been identified in SourceCodester's Simple Subscription Website, specifically within the file manage_user.php. This flaw arises from improper handling of user input, which creates a potential for SQL injection attacks. By manipulating the parameter 'id', attackers can execute arbitrary SQL queries against the database, potentially leading to unauthorized access to sensitive data, compromised accounts, and wider system exploitation. The vulnerability is exploitable remotely, and code and public disclosure have been made available, increasing the urgency for affected users to implement necessary security measures. To mitigate this risk, it is crucial for users to apply security patches provided by the vendor and conduct a thorough review of security practices surrounding input validation and user data management.",Sourcecodester,Simple Subscription Website,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-03-28T15:00:06.000Z,true,false,false,,2024-03-28T15:00:06.943Z,0
CVE-2024-3015,https://securityvulnerability.io/vulnerability/CVE-2024-3015,SQL Injection Vulnerability in SourceCodester Simple Subscription Website,"A critical SQL injection vulnerability has been identified in the SourceCodester Simple Subscription Website version 1.0, specifically within the manage_plan.php file. The vulnerability arises from improper handling of the 'id' argument, allowing an attacker to execute SQL commands by manipulating this parameter. This vulnerability can be exploited remotely, making it a serious threat to the privacy and integrity of the data handled by the application. Public disclosure of the exploit has raised concerns about potential attacks, urging users to apply necessary patches or updates to mitigate risks.",Sourcecodester,Simple Subscription Website,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-03-28T01:31:03.000Z,true,false,false,,2024-03-28T01:31:03.792Z,0
CVE-2024-3014,https://securityvulnerability.io/vulnerability/CVE-2024-3014,SQL Injection Vulnerability in SourceCodester Simple Subscription Website,"A significant SQL injection vulnerability has been identified in the Simple Subscription Website version 1.0 by SourceCodester. The vulnerability resides in the Actions.php file, where manipulation of the 'title' argument can allow remote attackers to execute arbitrary SQL queries. This flaw poses critical security risks, enabling attackers to gain unauthorized access to the database, potentially compromising sensitive user information. As the exploit has been publicly disclosed, it is vital for users and administrators to take immediate action to secure their applications.",Sourcecodester,Simple Subscription Website,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-03-28T01:00:04.000Z,true,false,false,,2024-03-28T01:00:04.426Z,0