Online Complaint Site
Monthly
SQL injection in code-projects Online Complaint Site 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the Category parameter in /admin/category.php, with publicly available exploit code. CVSS score of 2.1 reflects limited confidentiality impact and requirement for low-privilege authentication; EPSS of 0.03% indicates very low real-world exploitation probability despite public POC availability.
SQL injection in Online Complaint Site 1.0 allows authenticated remote attackers to manipulate the state parameter in /cms/admin/state.php, enabling data exfiltration or modification with limited scope. Publicly available exploit code exists; however, the CVSS 2.1 score and 0.03% EPSS percentile indicate low real-world exploitation risk despite the presence of proof-of-concept.
SQL injection in code-projects Online Complaint Site 1.0 allows authenticated remote attackers to manipulate the cid parameter in /cms/users/complaint-details.php, leading to limited data exposure. The vulnerability requires valid user authentication and has a publicly available proof-of-concept, but the EPSS score of 0.03% and CVSS impact metrics (VC:L/VI:L/VA:L) indicate low real-world exploitation probability despite public availability of exploit code.
SQL injection in code-projects Online Complaint Site 1.0 allows authenticated remote attackers to manipulate the cid parameter in /cms/users/register-complaint.php, resulting in limited confidentiality, integrity, and availability impact. Publicly available exploit code exists, though the EPSS score of 0.03% and requirement for prior authentication significantly constrain real-world exploitation risk compared to the CVSSv4 score of 2.1.
SQL injection in code-projects Online Complaint Site 1.0 allows authenticated remote attackers to manipulate the Username parameter in /cms/users/index.php and execute arbitrary SQL queries with limited impact to confidentiality, integrity, and availability. The CVSS 2.1 score and 0.03% EPSS percentile indicate low real-world risk despite public exploit availability, likely due to the authentication requirement (PR:L) and constrained impact scope.
SQL injection in code-projects Online Complaint Site 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the Category parameter in /admin/category.php, with publicly available exploit code. CVSS score of 2.1 reflects limited confidentiality impact and requirement for low-privilege authentication; EPSS of 0.03% indicates very low real-world exploitation probability despite public POC availability.
SQL injection in Online Complaint Site 1.0 allows authenticated remote attackers to manipulate the state parameter in /cms/admin/state.php, enabling data exfiltration or modification with limited scope. Publicly available exploit code exists; however, the CVSS 2.1 score and 0.03% EPSS percentile indicate low real-world exploitation risk despite the presence of proof-of-concept.
SQL injection in code-projects Online Complaint Site 1.0 allows authenticated remote attackers to manipulate the cid parameter in /cms/users/complaint-details.php, leading to limited data exposure. The vulnerability requires valid user authentication and has a publicly available proof-of-concept, but the EPSS score of 0.03% and CVSS impact metrics (VC:L/VI:L/VA:L) indicate low real-world exploitation probability despite public availability of exploit code.
SQL injection in code-projects Online Complaint Site 1.0 allows authenticated remote attackers to manipulate the cid parameter in /cms/users/register-complaint.php, resulting in limited confidentiality, integrity, and availability impact. Publicly available exploit code exists, though the EPSS score of 0.03% and requirement for prior authentication significantly constrain real-world exploitation risk compared to the CVSSv4 score of 2.1.
SQL injection in code-projects Online Complaint Site 1.0 allows authenticated remote attackers to manipulate the Username parameter in /cms/users/index.php and execute arbitrary SQL queries with limited impact to confidentiality, integrity, and availability. The CVSS 2.1 score and 0.03% EPSS percentile indicate low real-world risk despite public exploit availability, likely due to the authentication requirement (PR:L) and constrained impact scope.