Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Lost_and_found_information_system
(Oretnom23)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-04 | CVE-2023-36159 | Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. | Lost_and_found_information_system | 6.1 | ||
| 2023-09-17 | CVE-2023-5018 | A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859. | Lost_and_found_information_system | 9.8 | ||
| 2023-11-03 | CVE-2023-38965 | Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | Lost_and_found_information_system | 9.8 | ||
| 2024-07-29 | CVE-2024-37856 | Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page. | Lost_and_found_information_system | 5.4 |