Sourcecodester Simple Online Bidding System vulnerabilities
17 known vulnerabilities affecting sourcecodester/simple_online_bidding_system.
Total CVEs
17
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM16
Vulnerabilities
Page 1 of 1
CVE-2024-7911MEDIUMCVSS 5.3v1.02024-08-18
CVE-2024-7911 [MEDIUM] CWE-73 CVE-2024-7911: A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /simple-online-bidding-system/bidding/index.php. The manipulation of the argument page leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the p
cvelistv5nvd
CVE-2024-7799MEDIUMCVSS 6.9v1.02024-08-15
CVE-2024-7799 [MEDIUM] CWE-285 CVE-2024-7799: A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as c
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/bidding/admin/users.php. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the
cvelistv5nvd
CVE-2024-7798MEDIUMCVSS 6.9v1.02024-08-15
CVE-2024-7798 [MEDIUM] CWE-89 CVE-2024-7798: A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared a
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login2. The manipulation of the argument username leads to sql injection. The attack can be launched remotely.
cvelistv5nvd
CVE-2024-7800MEDIUMCVSS 5.3v1.02024-08-15
CVE-2024-7800 [MEDIUM] CWE-89 CVE-2024-7800: A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System
A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=delete_product. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been di
cvelistv5nvd
CVE-2024-7797MEDIUMCVSS 6.9v1.02024-08-15
CVE-2024-7797 [MEDIUM] CWE-89 CVE-2024-7797: A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. Affected is an unknown function of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has b
cvelistv5nvd
CVE-2024-6417MEDIUMCVSS 5.3v1.02024-06-30
CVE-2024-6417 [MEDIUM] CWE-89 CVE-2024-6417: A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as c
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_user. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public an
cvelistv5nvd
CVE-2024-6280MEDIUMCVSS 5.3v1.02024-06-24
CVE-2024-6280 [MEDIUM] CWE-434 CVE-2024-6280: A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public
cvelistv5nvd
CVE-2024-5437MEDIUMCVSS 5.3v1.02024-05-29
CVE-2024-5437 [MEDIUM] CWE-79 CVE-2024-5437: A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the
cvelistv5nvd
CVE-2024-5428MEDIUMCVSS 6.9v1.02024-05-28
CVE-2024-5428 [MEDIUM] CWE-352 CVE-2024-5428: A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1
A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function save_product of the file /admin/index.php?page=manage_product of the component HTTP POST Request Handler. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The a
cvelistv5nvd
CVE-2024-4927MEDIUMCVSS 6.9v1.02024-05-16
CVE-2024-4927 [MEDIUM] CWE-434 CVE-2024-4927: A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared a
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been
cvelistv5nvd
CVE-2024-4931MEDIUMCVSS 5.3v1.02024-05-16
CVE-2024-4931 [MEDIUM] CWE-89 CVE-2024-4931: A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bi
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0. This issue affects some unknown processing of the file /simple-online-bidding-system/admin/index.php?page=view_udet. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been
cvelistv5nvd
CVE-2024-4930MEDIUMCVSS 5.3v1.02024-05-16
CVE-2024-4930 [MEDIUM] CWE-89 CVE-2024-4930: A vulnerability classified as critical was found in SourceCodester Simple Online Bidding System 1.0.
A vulnerability classified as critical was found in SourceCodester Simple Online Bidding System 1.0. This vulnerability affects unknown code of the file /simple-online-bidding-system/index.php?page=view_prod. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public an
cvelistv5nvd
CVE-2024-4932MEDIUMCVSS 5.3v1.02024-05-16
CVE-2024-4932 [MEDIUM] CWE-89 CVE-2024-4932: A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding
A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Affected is an unknown function of the file /simple-online-bidding-system/admin/index.php?page=manage_user. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclo
cvelistv5nvd
CVE-2024-4929MEDIUMCVSS 6.9v1.02024-05-16
CVE-2024-4929 [MEDIUM] CWE-352 CVE-2024-4929: A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding Sys
A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the
cvelistv5nvd
CVE-2024-4933MEDIUMCVSS 5.3v1.02024-05-16
CVE-2024-4933 [MEDIUM] CWE-89 CVE-2024-4933: A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as
A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage_product. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploi
cvelistv5nvd
CVE-2024-4928MEDIUMCVSS 5.3v1.02024-05-16
CVE-2024-4928 [MEDIUM] CWE-89 CVE-2024-4928: A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as c
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=delete_category. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit ha
cvelistv5nvd
CVE-2024-2077CRITICALCVSS 9.8v1.02024-03-01
CVE-2024-2077 [MEDIUM] CWE-89 CVE-2024-2077: A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System
A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VD
cvelistv5nvd