cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-1738,https://securityvulnerability.io/vulnerability/CVE-2023-1738,SourceCodester Young Entrepreneur E-Negosyo System sql injection,"A vulnerability exists in the SourceCodester Young Entrepreneur E-Negosyo System 1.0, specifically within the index.php file where the search parameter can be manipulated. This flaw opens the door for attackers to execute arbitrary SQL queries, potentially leading to unauthorized data access or manipulation. The issue can be exploited remotely, making it imperative for users and administrators to address this vulnerability promptly to secure their systems against potential threats.",SourceCodester,Young Entrepreneur E-Negosyo System,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-03-30T21:15:00.000Z,0
CVE-2023-1735,https://securityvulnerability.io/vulnerability/CVE-2023-1735,SourceCodester Young Entrepreneur E-Negosyo System passwordrecover.php sql injection,"A vulnerability has been identified in SourceCodester's Young Entrepreneur E-Negosyo System 1.0 due to improper input validation in the passwordrecover.php file. An attacker can exploit this weakness by manipulating the phonenumber parameter, potentially leading to unauthorized access to the database. This vulnerability allows remote attackers to execute arbitrary SQL queries, which could compromise sensitive information stored in the database.",SourceCodester,Young Entrepreneur E-Negosyo System,6.3,MEDIUM,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-03-30T20:15:00.000Z,0
CVE-2023-1736,https://securityvulnerability.io/vulnerability/CVE-2023-1736,SourceCodester Young Entrepreneur E-Negosyo System sql injection,"A significant SQL injection vulnerability has been identified in the Young Entrepreneur E-Negosyo System, specifically within the file cart/controller.php through the 'add' action. The vulnerability arises from improper handling of the 'PROID' argument, which allows an attacker to manipulate SQL queries, potentially leading to unauthorized data access and compromise of the database integrity. This flaw emphasizes the necessity for robust input validation and security measures in web applications.",SourceCodester,Young Entrepreneur E-Negosyo System,8.8,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-03-30T20:15:00.000Z,0
CVE-2023-1737,https://securityvulnerability.io/vulnerability/CVE-2023-1737,SourceCodester Young Entrepreneur E-Negosyo System login.php sql injection,"A significant SQL injection vulnerability exists in the SourceCodester Young Entrepreneur E-Negosyo System version 1.0, specifically affecting the login.php file. This flaw allows attackers to manipulate the U_USERNAME parameter, leading to unauthorized access and potential data exposure. The vulnerability can be exploited remotely, enabling malicious actors to execute arbitrary SQL commands and possibly compromise the database integrity.",SourceCodester,Young Entrepreneur E-Negosyo System,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-03-30T20:15:00.000Z,0
CVE-2023-1734,https://securityvulnerability.io/vulnerability/CVE-2023-1734,SourceCodester Young Entrepreneur E-Negosyo System unrestricted upload,"A vulnerability has been identified in the Young Entrepreneur E-Negosyo System version 1.0, allowing attackers to upload arbitrary files via the 'image' parameter in the 'admin/products/controller.php?action=add' endpoint. This can lead to potential exploitation, enabling remote attacks. The lack of proper validation on file uploads makes the system susceptible to unauthorized access and manipulation, posing significant risks to the integrity of the application and its data.",SourceCodester,Young Entrepreneur E-Negosyo System,9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-03-30T19:15:00.000Z,0
CVE-2023-1686,https://securityvulnerability.io/vulnerability/CVE-2023-1686,SourceCodester Young Entrepreneur E-Negosyo System GET Parameter index.php cross site scripting,A vulnerability was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file bsenordering/admin/category/index.php of the component GET Parameter Handler. The manipulation of the argument view with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224243.,SourceCodester,Young Entrepreneur E-Negosyo System,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2023-03-29T07:15:00.000Z,0
CVE-2023-1485,https://securityvulnerability.io/vulnerability/CVE-2023-1485,SourceCodester Young Entrepreneur E-Negosyo System GET Parameter index.php cross site scripting,A vulnerability classified as problematic has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This affects an unknown part of the file /bsenordering/index.php of the component GET Parameter Handler. The manipulation of the argument category with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223371.,SourceCodester,Young Entrepreneur E-Negosyo System,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2023-03-18T21:15:00.000Z,0