Automated Voting System
Monthly
SQL injection in code-projects Automated Voting System 1.0 allows authenticated remote attackers to manipulate the Username parameter in /admin/user.php, enabling unauthorized database queries with limited confidentiality and integrity impact. The vulnerability requires valid login credentials (PR:L) and has publicly available exploit code, though real-world exploitation risk is minimal given the CVSS 2.1 score and 0.03% EPSS percentile.
SQL injection in Automated Voting System 1.0 allows high-privileged remote attackers to manipulate the Password parameter in /admin/update_user.php, potentially causing limited confidentiality and integrity impacts. The vulnerability requires admin-level privileges (PR:H) to exploit and has publicly available exploit code, but carries very low real-world risk due to EPSS of 0.01% and the high privilege requirement that limits practical attack surface.
SQL injection in Automated Voting System 1.0 allows authenticated remote attackers to manipulate the firstname parameter in /admin/add_candidate_modal.php, resulting in limited confidentiality, integrity, and availability impact. The vulnerability has a very low CVSS score (2.1) due to requirement for authenticated access and limited scope, but publicly available exploit code exists. Active exploitation is not confirmed in CISA KEV, and the EPSS score of 0.01% indicates minimal real-world exploitation probability despite public POC availability.
A security vulnerability in A vulnerability classified as problematic (CVSS 5.3). Risk factors: public PoC available.
SQL injection in code-projects Automated Voting System 1.0 allows authenticated remote attackers to manipulate the Username parameter in /admin/user.php, enabling unauthorized database queries with limited confidentiality and integrity impact. The vulnerability requires valid login credentials (PR:L) and has publicly available exploit code, though real-world exploitation risk is minimal given the CVSS 2.1 score and 0.03% EPSS percentile.
SQL injection in Automated Voting System 1.0 allows high-privileged remote attackers to manipulate the Password parameter in /admin/update_user.php, potentially causing limited confidentiality and integrity impacts. The vulnerability requires admin-level privileges (PR:H) to exploit and has publicly available exploit code, but carries very low real-world risk due to EPSS of 0.01% and the high privilege requirement that limits practical attack surface.
SQL injection in Automated Voting System 1.0 allows authenticated remote attackers to manipulate the firstname parameter in /admin/add_candidate_modal.php, resulting in limited confidentiality, integrity, and availability impact. The vulnerability has a very low CVSS score (2.1) due to requirement for authenticated access and limited scope, but publicly available exploit code exists. Active exploitation is not confirmed in CISA KEV, and the EPSS score of 0.01% indicates minimal real-world exploitation probability despite public POC availability.
A security vulnerability in A vulnerability classified as problematic (CVSS 5.3). Risk factors: public PoC available.