Remyandrade Daily Habit Tracker vulnerabilities
5 known vulnerabilities affecting remyandrade/daily_habit_tracker.
Total CVEs: 5
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2024-24496 | P2 | CRITICAL | CVSS 9.8 | CWE-287 | PoC | v1.0 | 2024-02-08
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.
nvd
CVE-2024-24495 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | PoC | v1.0 | 2024-02-08
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.
nvd
CVE-2024-24494 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | v1.0 | 2024-02-08
Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.
nvd
CVE-2024-24140 | P3 | HIGH | CVSS 7.2 | CWE-89 | v1.0 | 2024-01-29
Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'
nvd
CVE-2024-2075 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v1.0 | 2024-03-01
A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the publ
nvd