Oretnom23

Lost And Found Information System

27 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-37859

Exploit
  • EPSS 0.14%
  • Veröffentlicht 29.07.2024 19:15:12
  • Zuletzt bearbeitet 23.04.2025 14:41:14

Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php.

9.8

CVE-2024-37858

Exploit
  • EPSS 0.46%
  • Veröffentlicht 29.07.2024 19:15:12
  • Zuletzt bearbeitet 23.04.2025 14:41:19

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php.

8.8

CVE-2024-37857

Exploit
  • EPSS 0.46%
  • Veröffentlicht 29.07.2024 19:15:12
  • Zuletzt bearbeitet 23.04.2025 14:35:53

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php.

5.4

CVE-2024-37856

  • EPSS 0.2%
  • Veröffentlicht 29.07.2024 19:15:12
  • Zuletzt bearbeitet 21.11.2024 09:24:24

Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.

8.4

CVE-2023-33676

  • EPSS 0.47%
  • Veröffentlicht 07.03.2024 09:15:38
  • Zuletzt bearbeitet 01.05.2025 00:24:39

Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*" which can be escalated to the remote command execution.

7.5

CVE-2023-33677

  • EPSS 0.06%
  • Veröffentlicht 06.03.2024 01:15:06
  • Zuletzt bearbeitet 15.01.2025 16:39:16

Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".

9.8

CVE-2023-38965

Exploit
  • EPSS 0.1%
  • Veröffentlicht 03.11.2023 05:15:29
  • Zuletzt bearbeitet 11.11.2025 17:15:35

Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.

9.8

CVE-2023-5018

  • EPSS 0.04%
  • Veröffentlicht 17.09.2023 04:15:10
  • Zuletzt bearbeitet 21.11.2024 08:40:54

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of t...

6.1

CVE-2023-36159

  • EPSS 0.1%
  • Veröffentlicht 04.08.2023 00:15:13
  • Zuletzt bearbeitet 21.11.2024 08:09:21

Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.

9.8

CVE-2023-3850

  • EPSS 0.05%
  • Veröffentlicht 23.07.2023 10:15:09
  • Zuletzt bearbeitet 21.11.2024 08:18:13

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST...