OS command injection in D-Link DI-7001 MINI firmware 24.04.18B1 allows authenticated remote attackers to execute arbitrary system commands via manipulation of the path argument in /upgrade_filter.asp. Public exploit code is available, though the CVSS 2.1 score and 0.07% EPSS percentile indicate limited real-world exploitation likelihood despite the vulnerability's remote network accessibility.
Stored cross-site scripting (XSS) in PHPGurukul Cyber Cafe Management System 1.0 allows remote attackers to inject malicious scripts via the searchdata POST parameter in /search.php, requiring user interaction to execute. The vulnerability has a low CVSS score (2.1) due to limited impact scope, but publicly available exploit code exists and the EPSS score (0.05%, 14th percentile) suggests minimal real-world exploitation likelihood despite public availability.
Unrestricted file upload in code-projects Online Hotel Reservation System 1.0 allows authenticated remote attackers to upload files via manipulation of the image parameter in /admin/addslideexec.php, leading to potential remote code execution. The CVSS score of 2.1 reflects low confidentiality, integrity, and availability impact due to authentication requirements (PR:L), but publicly available exploit code exists and the low EPSS score (0.05%, 14th percentile) indicates exploitation is unlikely to be widespread in practice.
Code-Projects Online Hotel Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files via manipulation of the image parameter in /admin/addgalleryexec.php, bypassing file upload restrictions. The vulnerability requires valid admin credentials (PR:L in CVSS vector) and results in limited confidentiality, integrity, and availability impact. Public exploit code is available, though the low EPSS score (0.04%) and limited scope suggest this is not actively exploited at scale.
Unrestricted file upload in code-projects Online Hotel Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /admin/addexec.php, potentially leading to remote code execution. The vulnerability has a low CVSS score (2.1) due to requirement for low-privilege authentication and limited impact scope, but publicly available exploit code exists and the issue affects confidentiality, integrity, and availability at the application layer.
Unrestricted file upload in code-projects Online Hotel Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /admin/editpicexec.php, potentially leading to remote code execution. The vulnerability affects a low-impact scope but is publicly exploitable by authenticated users; EPSS scores this at 0.04% exploitation probability despite public POC availability, indicating limited real-world adoption of the vulnerable software.
Unrestricted file upload vulnerability in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to upload arbitrary files via manipulation of the image parameter in /profile.php, with publicly available exploit code and low real-world risk despite network accessibility due to authentication requirement and minimal impact scope.
SQL injection in Campcodes Advanced Online Voting System 1.0 allows authenticated remote attackers to manipulate the firstname parameter in /admin/voters_add.php, leading to limited confidentiality and integrity impact. The vulnerability requires valid user credentials (PR:L) and has a publicly available exploit, but EPSS scoring (0.03%, percentile 8%) suggests low real-world exploitation probability despite public POC availability.
SQL injection in Campcodes Advanced Online Voting Management System 1.0 allows authenticated remote attackers to manipulate the voter parameter in /index.php, potentially leading to unauthorized data access or modification. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited confidentiality impact, but publicly available exploit code exists and exploitation probability is rated at 8th percentile by EPSS, suggesting this remains a lower-priority issue despite public POC availability.
SQL injection in Simple Banking System 1.0 via the ID parameter in /transfermoney.php allows authenticated remote attackers to execute arbitrary SQL queries with low impact on confidentiality, integrity, and availability. The vulnerability requires login credentials (PR:L) and exploitation probability is low (EPSS 0.03%), but publicly available exploit code exists and disclosure has occurred.
SQL injection in Simple Banking System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /removeuser.php, leading to unauthorized database queries with limited information disclosure impact. The CVSS score of 2.1 reflects restricted exploitation scope (authenticated access required, PR:L), but publicly available exploit code exists, warranting patched deployment if still in use.
SQL injection in Simple Banking System 1.0 allows authenticated remote attackers to manipulate the Name parameter in /createuser.php and execute arbitrary SQL queries, resulting in limited impact to confidentiality, integrity, and availability. The vulnerability has a low CVSS score of 2.1 due to requirement for prior authentication (PR:L) and limited scope of impact, but publicly available exploit code exists and the EPSS score of 0.03% suggests minimal real-world exploitation probability despite public POC availability.
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL commands via the ID parameter in /del_tax.php. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited technical impact, but publicly available exploit code exists and the EPSS score of 0.03% indicates minimal real-world exploitation probability despite public POC availability.
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the percentage argument in /pages/save_tax.php, enabling database query modification with limited confidentiality and integrity impact. Publicly available exploit code exists, though EPSS score of 0.03% suggests low real-world exploitation probability despite the SQL injection capability.
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /del_booking.php, enabling unauthorized database queries with limited impact on confidentiality and integrity. Publicly available exploit code exists, but the EPSS score of 0.03% indicates minimal real-world exploitation probability despite low attack complexity, likely due to authentication requirement and limited scope of impact.
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /del_curr.php, enabling database query modification with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; however, the EPSS score of 0.03% indicates low real-world exploitation probability despite public disclosure, suggesting limited practical risk in typical deployments.
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the currcode parameter in /pages/save_curr.php, enabling arbitrary SQL query execution with limited confidentiality and integrity impact. CVSS 2.1 reflects the authentication requirement (PR:L) and restricted scope, but publicly available exploit code exists despite low EPSS score (0.03%), suggesting this is a low-priority threat suitable only for defense-in-depth and secure coding reviews rather than emergency patching.
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /del_room.php, enabling database query modification with limited confidentiality and integrity impact. Publicly available exploit code exists; however, EPSS score of 0.03% indicates minimal real-world exploitation probability despite low attack complexity, suggesting this is primarily a security researcher proof-of-concept rather than an active threat.
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the floorno parameter in /pages/save_room.php, affecting data confidentiality and integrity with limited scope. CVSS score of 2.1 reflects low severity due to authentication requirement and limited impact, though publicly available exploit code exists and EPSS suggests minimal real-world exploitation probability at 0.03%.
Out-of-bounds read vulnerability in GNU Binutils 2.45 linker allows local authenticated attackers to trigger memory access violations via crafted input to the get_link_hash_entry function in bfd/elflink.c. The vulnerability has low severity (CVSS 1.9) with minimal direct impact but publicly available exploit code exists. Upgrade to version 2.46 resolves the issue.
Out-of-bounds read in GNU Binutils 2.45 linker component affects the bfd_elf_gc_record_vtentry function in bfd/elflink.c, allowing authenticated local attackers to trigger memory access violations. The CVSS score of 1.9 reflects low real-world impact (no confidentiality, integrity, or system-level damage) despite the out-of-bounds read classification, suggesting this is primarily a denial-of-service vector or development/debugging concern rather than a critical exploitation pathway. Publicly available exploit code exists, but EPSS exploitation probability remains very low at 0.03 percentile, indicating minimal real-world adoption despite public disclosure.
Out-of-bounds read in GNU Binutils 2.45 linker function elf_link_add_object_symbols allows local authenticated attackers to trigger memory disclosure or denial of service by providing a malformed ELF object file. Publicly available exploit code exists, though EPSS assessment indicates very low exploitation probability (0.03%) in practice. Patch available in version 2.46.
CVE-2022-50522 is a security vulnerability (CVSS 3.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Information disclosure in kaifangqian-base's SysUserController.getAllUsers endpoint allows authenticated remote attackers to retrieve sensitive user data. The vulnerability affects the function up to commit 7b3faecda13848b3ced6c17c7423b76c5b47b8ab and requires login credentials (PR:L in CVSS 4.0), limiting exposure to authenticated users. Public exploit code exists, but the low CVSS score (2.1) and minimal EPSS percentile (8%) suggest limited real-world exploitation despite public availability.