Vulnerabilites related to simple_task_managing_system_project - simple_task_managing_system
Vulnerability from fkie_nvd
Published
2022-09-21 18:15
Modified
2024-11-21 07:20
Severity ?
Summary
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://simple.com | Broken Link | |
| cve@mitre.org | https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS2.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://simple.com | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS2.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_task_managing_system_project | simple_task_managing_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_task_managing_system_project:simple_task_managing_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD72E30-181F-47F3-BB38-BF40AABDD45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter."
},
{
"lang": "es",
"value": "Se ha detectado que SourceCodester Simple Task Managing System versi\u00f3n v1.0, contiene una vulnerabilidad de cross-site scripting (XSS) por medio del componente newProjectValidation.php. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga \u00fatil dise\u00f1ada inyectada en el par\u00e1metro fullName"
}
],
"id": "CVE-2022-40028",
"lastModified": "2024-11-21T07:20:44.930",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-21T18:15:10.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://simple.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS2.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://simple.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS2.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-27 09:15
Modified
2024-11-21 07:18
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://vuldb.com/?id.207423 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.207423 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_task_managing_system_project | simple_task_managing_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_task_managing_system_project:simple_task_managing_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD72E30-181F-47F3-BB38-BF40AABDD45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Simple Task Managing System. Esto afecta a una parte desconocida del archivo /loginVaLidation.php. La manipulaci\u00f3n del argumento login conlleva a una inyecci\u00f3n sql. Es posible iniciar el ataque de forma remota. El identificador asociado a esta vulnerabilidad es VDB-207423."
}
],
"id": "CVE-2022-3013",
"lastModified": "2024-11-21T07:18:38.193",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-27T09:15:08.597",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.207423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.207423"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-17 14:15
Modified
2024-11-21 07:20
Severity ?
Summary
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_task_managing_system_project | simple_task_managing_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_task_managing_system_project:simple_task_managing_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD72E30-181F-47F3-BB38-BF40AABDD45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in \u0027username\u0027 and \u0027password\u0027 parameters, allows attackers to execute arbitrary code and gain sensitive information."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Simple Task Management System versi\u00f3n 1.0 en login.php en los par\u00e1metros \u0027username\u0027 y \u0027password\u0027, permite a los atacantes ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial."
}
],
"id": "CVE-2022-40032",
"lastModified": "2024-11-21T07:20:45.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-17T14:15:15.370",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/171739/Simple-Task-Managing-System-1.0-SQL-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/h4md153v63n/CVE-2022-40032_Simple-Task-Managing-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.sourcecodester.com/sites/default/files/download/razormist/Task%20Managing%20System%20in%20PHP.zip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/171739/Simple-Task-Managing-System-1.0-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/h4md153v63n/CVE-2022-40032_Simple-Task-Managing-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.sourcecodester.com/sites/default/files/download/razormist/Task%20Managing%20System%20in%20PHP.zip"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-27 09:15
Modified
2024-11-21 07:18
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/Drun1baby/CVE_Pentest/blob/main/Task%20Managing%20System%20in%20PHP%20CMS/images/xss.png | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.207424 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Drun1baby/CVE_Pentest/blob/main/Task%20Managing%20System%20in%20PHP%20CMS/images/xss.png | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.207424 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_task_managing_system_project | simple_task_managing_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_task_managing_system_project:simple_task_managing_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD72E30-181F-47F3-BB38-BF40AABDD45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en SourceCodester Simple Task Managing System. Esta vulnerabilidad afecta a c\u00f3digo desconocido. La manipulaci\u00f3n del argumento student_add conlleva un ataque de tipo cross site scripting. El ataque puede ser iniciado remotamente. El identificador de esta vulnerabilidad es VDB-207424."
}
],
"id": "CVE-2022-3014",
"lastModified": "2024-11-21T07:18:38.317",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-27T09:15:08.653",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Drun1baby/CVE_Pentest/blob/main/Task%20Managing%20System%20in%20PHP%20CMS/images/xss.png"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.207424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Drun1baby/CVE_Pentest/blob/main/Task%20Managing%20System%20in%20PHP%20CMS/images/xss.png"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.207424"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-21 18:15
Modified
2024-11-21 07:20
Severity ?
Summary
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL1.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_task_managing_system_project | simple_task_managing_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_task_managing_system_project:simple_task_managing_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD72E30-181F-47F3-BB38-BF40AABDD45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php."
},
{
"lang": "es",
"value": "Se ha detectado que SourceCodester Simple Task Managing System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro bookId en el archivo board.php"
}
],
"id": "CVE-2022-40026",
"lastModified": "2024-11-21T07:20:44.637",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-21T18:15:10.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL1.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-21 18:15
Modified
2024-11-21 07:20
Severity ?
Summary
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://simple.com | Broken Link | |
| cve@mitre.org | https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL2.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://simple.com | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL2.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_task_managing_system_project | simple_task_managing_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_task_managing_system_project:simple_task_managing_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD72E30-181F-47F3-BB38-BF40AABDD45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php."
},
{
"lang": "es",
"value": "Se ha detectado que SourceCodester Simple Task Managing System versi\u00f3n v1.0, contiene una vulnerabilidad de inyecci\u00f3n SQL por medio del par\u00e1metro bookId en el archivo changeStatus.php"
}
],
"id": "CVE-2022-40030",
"lastModified": "2024-11-21T07:20:45.237",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-21T18:15:10.417",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://simple.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL2.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://simple.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL2.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-21 18:15
Modified
2024-11-21 07:20
Severity ?
Summary
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://simple.com | Broken Link | |
| cve@mitre.org | https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS3.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://simple.com | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS3.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_task_managing_system_project | simple_task_managing_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_task_managing_system_project:simple_task_managing_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD72E30-181F-47F3-BB38-BF40AABDD45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter."
},
{
"lang": "es",
"value": "Se ha detectado que SourceCodester Simple Task Managing System versi\u00f3n v1.0, contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del componente newProjectValidation.php. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga \u00fatil dise\u00f1ada inyectada en el par\u00e1metro shortName"
}
],
"id": "CVE-2022-40029",
"lastModified": "2024-11-21T07:20:45.083",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-21T18:15:10.373",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://simple.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS3.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://simple.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS3.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-21 18:15
Modified
2024-11-21 07:20
Severity ?
Summary
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://simple.com | Broken Link | |
| cve@mitre.org | https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS1.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://simple.com | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_task_managing_system_project | simple_task_managing_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_task_managing_system_project:simple_task_managing_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD72E30-181F-47F3-BB38-BF40AABDD45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter."
},
{
"lang": "es",
"value": "Se ha detectado que SourceCodester Simple Task Managing System versi\u00f3n v1.0, contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del componente newTask.php. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga \u00fatil dise\u00f1ada inyectada en el par\u00e1metro shortName"
}
],
"id": "CVE-2022-40027",
"lastModified": "2024-11-21T07:20:44.790",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-21T18:15:10.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://simple.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS1.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://simple.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2022-3014
Vulnerability from cvelistv5
Published
2022-08-27 09:05
Modified
2024-08-03 00:53
Severity ?
EPSS score ?
Summary
A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Drun1baby/CVE_Pentest/blob/main/Task%20Managing%20System%20in%20PHP%20CMS/images/xss.png | x_refsource_MISC | |
| https://vuldb.com/?id.207424 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Simple Task Managing System |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Drun1baby/CVE_Pentest/blob/main/Task%20Managing%20System%20in%20PHP%20CMS/images/xss.png"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.207424"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple Task Managing System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-27T09:05:20",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Drun1baby/CVE_Pentest/blob/main/Task%20Managing%20System%20in%20PHP%20CMS/images/xss.png"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.207424"
}
],
"title": "SourceCodester Simple Task Managing System cross site scripting",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-3014",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SourceCodester Simple Task Managing System cross site scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple Task Managing System",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "SourceCodester"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Drun1baby/CVE_Pentest/blob/main/Task%20Managing%20System%20in%20PHP%20CMS/images/xss.png",
"refsource": "MISC",
"url": "https://github.com/Drun1baby/CVE_Pentest/blob/main/Task%20Managing%20System%20in%20PHP%20CMS/images/xss.png"
},
{
"name": "https://vuldb.com/?id.207424",
"refsource": "MISC",
"url": "https://vuldb.com/?id.207424"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3014",
"datePublished": "2022-08-27T09:05:20",
"dateReserved": "2022-08-27T00:00:00",
"dateUpdated": "2024-08-03T00:53:00.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40028
Vulnerability from cvelistv5
Published
2022-09-21 17:11
Modified
2024-08-03 12:07
Severity ?
EPSS score ?
Summary
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://simple.com | x_refsource_MISC | |
| https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html | x_refsource_MISC | |
| https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS2.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://simple.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS2.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-21T17:11:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://simple.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS2.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-40028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://simple.com",
"refsource": "MISC",
"url": "http://simple.com"
},
{
"name": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"name": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS2.md",
"refsource": "MISC",
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS2.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40028",
"datePublished": "2022-09-21T17:11:42",
"dateReserved": "2022-09-06T00:00:00",
"dateUpdated": "2024-08-03T12:07:42.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3013
Vulnerability from cvelistv5
Published
2022-08-27 09:05
Modified
2024-08-03 00:53
Severity ?
EPSS score ?
Summary
A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.207423 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Simple Task Managing System |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.207423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple Task Managing System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-27T09:05:19",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.207423"
}
],
"title": "SourceCodester Simple Task Managing System loginVaLidation.php sql injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-3013",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SourceCodester Simple Task Managing System loginVaLidation.php sql injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple Task Managing System",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "SourceCodester"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vuldb.com/?id.207423",
"refsource": "MISC",
"url": "https://vuldb.com/?id.207423"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3013",
"datePublished": "2022-08-27T09:05:19",
"dateReserved": "2022-08-27T00:00:00",
"dateUpdated": "2024-08-03T00:53:00.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40030
Vulnerability from cvelistv5
Published
2022-09-21 17:11
Modified
2024-08-03 12:07
Severity ?
EPSS score ?
Summary
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://simple.com | x_refsource_MISC | |
| https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html | x_refsource_MISC | |
| https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL2.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:43.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://simple.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL2.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-21T17:11:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://simple.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL2.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-40030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://simple.com",
"refsource": "MISC",
"url": "http://simple.com"
},
{
"name": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"name": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL2.md",
"refsource": "MISC",
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL2.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40030",
"datePublished": "2022-09-21T17:11:44",
"dateReserved": "2022-09-06T00:00:00",
"dateUpdated": "2024-08-03T12:07:43.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40027
Vulnerability from cvelistv5
Published
2022-09-21 17:11
Modified
2024-08-03 12:07
Severity ?
EPSS score ?
Summary
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://simple.com | x_refsource_MISC | |
| https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html | x_refsource_MISC | |
| https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS1.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:43.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://simple.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-21T17:11:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://simple.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS1.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-40027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://simple.com",
"refsource": "MISC",
"url": "http://simple.com"
},
{
"name": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"name": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS1.md",
"refsource": "MISC",
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS1.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40027",
"datePublished": "2022-09-21T17:11:41",
"dateReserved": "2022-09-06T00:00:00",
"dateUpdated": "2024-08-03T12:07:43.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40029
Vulnerability from cvelistv5
Published
2022-09-21 17:11
Modified
2024-08-03 12:07
Severity ?
EPSS score ?
Summary
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://simple.com | x_refsource_MISC | |
| https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html | x_refsource_MISC | |
| https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS3.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://simple.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS3.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-21T17:11:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://simple.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS3.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-40029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://simple.com",
"refsource": "MISC",
"url": "http://simple.com"
},
{
"name": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html",
"refsource": "MISC",
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"name": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS3.md",
"refsource": "MISC",
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS3.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40029",
"datePublished": "2022-09-21T17:11:43",
"dateReserved": "2022-09-06T00:00:00",
"dateUpdated": "2024-08-03T12:07:42.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40032
Vulnerability from cvelistv5
Published
2023-02-17 00:00
Modified
2024-08-03 12:07
Severity ?
EPSS score ?
Summary
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:43.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sourcecodester.com/sites/default/files/download/razormist/Task%20Managing%20System%20in%20PHP.zip"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/h4md153v63n/CVE-2022-40032_Simple-Task-Managing-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171739/Simple-Task-Managing-System-1.0-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in \u0027username\u0027 and \u0027password\u0027 parameters, allows attackers to execute arbitrary code and gain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-06T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html"
},
{
"url": "https://www.sourcecodester.com/sites/default/files/download/razormist/Task%20Managing%20System%20in%20PHP.zip"
},
{
"url": "https://github.com/h4md153v63n/CVE-2022-40032_Simple-Task-Managing-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated"
},
{
"url": "http://packetstormsecurity.com/files/171739/Simple-Task-Managing-System-1.0-SQL-Injection.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40032",
"datePublished": "2023-02-17T00:00:00",
"dateReserved": "2022-09-06T00:00:00",
"dateUpdated": "2024-08-03T12:07:43.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40026
Vulnerability from cvelistv5
Published
2022-09-21 17:11
Modified
2024-08-03 12:07
Severity ?
EPSS score ?
Summary
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL1.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:43.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-21T17:11:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL1.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-40026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL1.md",
"refsource": "MISC",
"url": "https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL1.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40026",
"datePublished": "2022-09-21T17:11:40",
"dateReserved": "2022-09-06T00:00:00",
"dateUpdated": "2024-08-03T12:07:43.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}