cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7914,https://securityvulnerability.io/vulnerability/CVE-2024-7914,Cross Site Scripting Vulnerability in SourceCodester Yoga Class Registration System,"A vulnerability has been discovered in the SourceCodester Yoga Class Registration System version 1.0, resulting from an inadequate handling of parameters within the SystemSettings.php file. Specifically, the manipulation of user input can be exploited to inject malicious scripts into web pages viewed by other users. This cross-site scripting issue allows attackers to launch attacks remotely, gaining unauthorized access to sensitive information or performing actions on behalf of users. The public disclosure of this vulnerability increases the risk of exploitation, making it crucial for users to apply safeguards promptly.",SourceCodester,Yoga Class Registration System,5.4,MEDIUM,0.0008800000068731606,false,,false,false,false,,,false,false,,2024-08-18T22:15:00.000Z,0
CVE-2024-7851,https://securityvulnerability.io/vulnerability/CVE-2024-7851,Improper Authorization Vulnerability in SourceCodester Yoga Class Registration System,"The Yoga Class Registration System by SourceCodester, version 1.0, contains a significant vulnerability in the Add User Handler functionality found in the /classes/Users.php?f=save file. This flaw allows attackers to manipulate the system and gain unauthorized access to user management functions. The vulnerability can be exploited remotely, making it especially critical for users of the affected system to implement security measures promptly. Given that this issue has been publicly disclosed, organizations using this software are strongly advised to assess their risk and apply necessary updates or patches to mitigate potential attacks.",SourceCodester,Yoga Class Registration System,9.8,CRITICAL,0.004170000087469816,false,,false,false,false,,,false,false,,2024-08-16T02:15:00.000Z,0
CVE-2024-7853,https://securityvulnerability.io/vulnerability/CVE-2024-7853,SQL Injection Vulnerability in SourceCodester Yoga Class Registration System,"A critical SQL injection vulnerability exists in the SourceCodester Yoga Class Registration System up to version 1.0. This flaw affects the function located in the path /admin/?page=categories/view_category, where the manipulation of the argument 'id' can lead to unauthorized access to the underlying database. Cybercriminals can exploit this vulnerability remotely, allowing them to execute arbitrary SQL commands that could compromise the integrity and confidentiality of sensitive data stored within the system. The exploit has already been made public, increasing the urgency for users of this software to implement security patches or updates to mitigate potential attacks.",Sourcecodester,Yoga Class Registration System,8.8,HIGH,0.0016400000313296914,false,,false,false,true,2024-08-15T23:31:05.000Z,true,false,false,,2024-08-16T00:31:05.932Z,0
CVE-2024-7852,https://securityvulnerability.io/vulnerability/CVE-2024-7852,Yoga Class Registration System Vulnerable to Cross-Site Scripting (XSS),A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.,Sourcecodester,Yoga Class Registration System,5.4,MEDIUM,0.0008800000068731606,false,,false,false,true,2024-08-15T23:31:04.000Z,true,false,false,,2024-08-16T00:31:04.422Z,0
CVE-2023-1395,https://securityvulnerability.io/vulnerability/CVE-2023-1395,SourceCodester Yoga Class Registration System list.php query cross site scripting,A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as problematic. This vulnerability affects the function query of the file admin/user/list.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222982 is the identifier assigned to this vulnerability.,SourceCodester,Yoga Class Registration System,6.1,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2023-03-14T15:15:00.000Z,0
CVE-2023-1366,https://securityvulnerability.io/vulnerability/CVE-2023-1366,SourceCodester Yoga Class Registration System manage_category.php query sql injection,"An SQL injection vulnerability exists in SourceCodester's Yoga Class Registration System 1.0 affecting the manage_category.php file. This vulnerability allows an attacker to manipulate the 'id' parameter in a query, potentially leading to unauthorized access and data manipulation. The issue can be exploited remotely, making it a significant risk for users of this system. Public disclosure of the exploit increases the urgency for prompt mitigation by applying security patches or workarounds.",SourceCodester,Yoga Class Registration System,7.2,HIGH,0.0032500000670552254,false,,false,false,false,,,false,false,,2023-03-13T09:15:00.000Z,0
CVE-2023-0982,https://securityvulnerability.io/vulnerability/CVE-2023-0982,SourceCodester Yoga Class Registration System Add Class Entry sql injection,"The Yoga Class Registration System 1.0, developed by SourceCodester, contains a vulnerability in the Add Class Entry component that allows attackers to manipulate the 'id' argument, resulting in SQL injection. This can be exploited remotely, posing a significant risk to data integrity and security within the application.",SourceCodester,Yoga Class Registration System,9.8,CRITICAL,0.0028800000436604023,false,,false,false,false,,,false,false,,2023-02-23T12:15:00.000Z,0
CVE-2023-0981,https://securityvulnerability.io/vulnerability/CVE-2023-0981,SourceCodester Yoga Class Registration System Delete User sql injection,"A SQL injection vulnerability exists in the Yoga Class Registration System 1.0 developed by SourceCodester. This flaw is triggered when an attacker manipulates the 'id' argument within the Delete User function, enabling the execution of arbitrary SQL commands through remote exploitation. This vulnerability emphasizes the need for robust input validation and security best practices in web applications to prevent unauthorized database access.",SourceCodester,Yoga Class Registration System,9.8,CRITICAL,0.0028800000436604023,false,,false,false,false,,,false,false,,2023-02-23T12:15:00.000Z,0
CVE-2023-0980,https://securityvulnerability.io/vulnerability/CVE-2023-0980,SourceCodester Yoga Class Registration System Status Update update_status.php sql injection,"A vulnerability has been identified in SourceCodester's Yoga Class Registration System, specifically within the Status Update Handler component found in the admin/registrations/update_status.php file. This vulnerability arises from improper handling of the 'id' argument, allowing for potential SQL injection attacks. Attackers may exploit this vulnerability remotely, manipulating SQL queries to gain unauthorized access to sensitive data or execute malicious commands.",SourceCodester,Yoga Class Registration System,9.8,CRITICAL,0.0041600000113248825,false,,false,false,false,,,false,false,,2023-02-23T12:15:00.000Z,0