Skip to main content
CVE-2024-25316 CRITICAL POC Act Now

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25315 CRITICAL POC Act Now

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25314 CRITICAL POC Act Now

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25307 CRITICAL POC Act Now

Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cinema Seat Reservation System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25302 CRITICAL POC Act Now

Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Event Student Attendance System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-21762 CRITICAL POC KEV THREAT Act Now

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Fortinet Memory Corruption Fortiproxy Fortios
NVD
CVSS 3.1
9.8
EPSS
83.4%
CVE-2024-25675 CRITICAL PATCH Act Now

An issue was discovered in MISP before 2.4.184. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25674 CRITICAL PATCH Act Now

An issue was discovered in MISP before 2.4.184. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6677 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection.1.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Online Collection
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-25678 CRITICAL PATCH Act Now

In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Lsquic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-24308 CRITICAL PATCH Act Now

SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Boostmyshop
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1353 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Phpems
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy