Geraldo Alcantara's repositories
CVE-2023-50071
Multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department in Customer Support System 1.0 allow authenticated attackers to execute arbitrary SQL commands via id or name.
CVE-2023-50070
Multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket in Customer Support System 1.0 allow authenticated attackers to execute arbitrary SQL commands via department_id, customer_id and subject.
CVE-2023-51800
Multiple cross-site scripting (XSS) vulnerabilities in School Fees Management System v1.0.
CVE-2023-51801
Simple Student Attendance System v.1.0 - Multiple SQL injection vulnerabilities - student_form.php and class_form.php
CVE-2023-51802
Simple Student Attendance System v.1.0 - Cross-site scripting (XSS) vulnerabilities in attendance_report
CVE-2023-49539
Book Store Management System v1.0 - Cross-site scripting (XSS) vulnerability in "index.php/category" - vulnerable field: "Category Name"
CVE-2023-49540
Book Store Management System v1.0 - Cross-site scripting (XSS) vulnerability in /index.php/history - vulnerable field: "Customer's Name".
CVE-2023-49546
Customer Support System 1.0 - SQL Injection Vulnerability in the "email" Parameter During "save_staff" Operation
CVE-2023-49547
Customer Support System 1.0 - SQL Injection Login Bypass
CVE-2023-49548
Customer Support System 1.0 - SQL Injection Vulnerability in the "lastname" Parameter During "save_user" Operation
CVE-2023-49968
Customer Support System 1.0 - SQL Injection Vulnerability in manage_department.php via "id" URL Parameter
CVE-2023-49969
Customer Support System 1.0 - SQL Injection Vulnerability in edit_customer via "id" URL Parameter
CVE-2023-49970
Customer Support System 1.0 - SQL Injection Vulnerability in the "subject" Parameter During "save_ticket" Operation
CVE-2023-49971
Customer Support System 1.0 - Cross-Site Scripting (XSS) Vulnerability in the "firstname" parameter at "customer_list"
CVE-2023-49973
Customer Support System 1.0 - Cross-Site Scripting (XSS) Vulnerability in "email" field/parameter on "customer_list" Page
CVE-2023-49974
Customer Support System 1.0 - Cross-Site Scripting (XSS) Vulnerability in "contact" field/parameter on "customer_list" Page
CVE-2023-49976
Customer Support System 1.0 is vulnerable to stored XSS. An XSS vulnerability exists in version 1 of the Customer Support System. A malicious actor can insert JavaScript code through the "subject" field when editing/creating a ticket.
CVE-2023-49977
Customer Support System 1.0 - Cross-Site Scripting (XSS) Vulnerability in "Address" field/parameter on "customer_list" Page
CVE-2023-49978
Customer Support System 1.0 - Incorrect Access Control
CVE-2023-49979
Best Student Management System v1.0 - Incorrect Access Control - Directory Listing
CVE-2023-49981
School Fees Management System v1.0 - Incorrect Access Control - Directory Listing
CVE-2023-49982
School Fees Management System v1.0 - Incorrect Access Control - Privilege Escalation
CVE-2023-49983
School Fees Management System v1.0 - Cross-Site Scripting (XSS) Vulnerability in "name" field/parameter on "/management/class"
CVE-2023-49984
School Fees Management System v1.0 - Cross-Site Scripting (XSS) Vulnerability in "name" field/parameter on "/management/settings"
CVE-2023-49985
School Fees Management System v1.0 - Cross-Site Scripting (XSS) Vulnerability in "cname" parameter on "new_class"
CVE-2023-49986
School Fees Management System v1.0 - Cross-Site Scripting (XSS) Vulnerability in "name" parameter on "add_new_parent"
CVE-2023-49987
School Fees Management System v1.0 - Cross-Site Scripting (XSS) Vulnerability in "tname" parameter on "new_term"
CVE-2023-49988
Hotel Booking Management v1.0 - SQL Injection Vulnerability in the "npss" parameter at rooms.php
CVE-2023-49989
Hotel Booking Management v1.0 - SQL Injection Vulnerability in the "id" parameter at update.php
CVE-2023-51281
Multiple cross-site scripting (XSS) vulnerabilities in /customer_support/ajax.php?action=save_customer in Customer Support System 1.0 allow authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "firstname", "lastname", "middlename", "contact" or "address" parameters.