cbcvebase.

Remyandrade Daily Habit Tracker vulnerabilities

5 known vulnerabilities affecting remyandrade/daily_habit_tracker.

Total CVEs
5
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2024-24496P2CRITICALCVSS 9.8PoCv1.02024-02-08
CVE-2024-24496 [CRITICAL] CWE-287 CVE-2024-24496: An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.p An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.
nvd
CVE-2024-24495P2CRITICALCVSS 9.8PoCv1.02024-02-08
CVE-2024-24495 [CRITICAL] CWE-89 CVE-2024-24495: SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attac SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.
nvd
CVE-2024-24494P3MEDIUMCVSS 6.1PoCv1.02024-02-08
CVE-2024-24494 [MEDIUM] CWE-79 CVE-2024-24494: Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.
nvd
CVE-2024-24140P3HIGHCVSS 7.2v1.02024-01-29
CVE-2024-24140 [HIGH] CWE-89 CVE-2024-24140: Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.' Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'
nvd
CVE-2024-2075P4MEDIUMCVSS 5.4v1.02024-03-01
CVE-2024-2075 [MEDIUM] CWE-79 CVE-2024-2075: A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problem A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the publ
nvd
Remyandrade Daily Habit Tracker vulnerabilities | cvebase