Vulnerabilities related to oretnom23 - lost_and_found_information_system
Vulnerability from fkie_nvd
Published
2023-05-12 07:15
Modified
2024-11-21 07:59
Summary
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228883.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228883.",
      },
   ],
   id: "CVE-2023-2667",
   lastModified: "2024-11-21T07:59:02.413",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 1.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-12T07:15:08.627",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2667.md",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228883",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228883",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2667.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228883",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228883",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "cna@vuldb.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-15 09:15
Modified
2024-11-21 08:17
Summary
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-234225 was assigned to this vulnerability.
References
cna@vuldb.com: https://vuldb.com/?ctiid.234225 (Permissions Required, Third Party Advisory)
cna@vuldb.com: https://vuldb.com/?id.234225 (Permissions Required, Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://vuldb.com/?ctiid.234225 (Permissions Required, Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://vuldb.com/?id.234225 (Permissions Required, Third Party Advisory)
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-234225 was assigned to this vulnerability.",
      },
   ],
   id: "CVE-2023-3680",
   lastModified: "2024-11-21T08:17:49.467",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-15T09:15:09.803",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.234225",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.234225",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.234225",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.234225",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "cna@vuldb.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-04 00:15
Modified
2024-11-21 08:09
Summary
Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.",
      },
   ],
   id: "CVE-2023-36159",
   lastModified: "2024-11-21T08:09:21.970",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-04T00:15:13.587",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Not Applicable",
         ],
         url: "http://lost.com",
      },
      {
         source: "cve@mitre.org",
         url: "https://cyberredteam.tech/posts/cve-2023-36159/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "http://lost.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://cyberredteam.tech/posts/cve-2023-36159/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-09-17 04:15
Modified
2024-11-21 08:40
Summary
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad ha sido encontrada en SourceCodester Lost and Found Information System 1.0 y clasificada como crítica. Una parte desconocida del archivo /classes/Master.php?f=save_category del componente POST Parameter Handler afecta a una parte desconocida. La manipulación del argumento id conduce a la inyección de SQL. Es posible iniciar el ataque de forma remota. El identificador asociado de esta vulnerabilidad es VDB-239859.",
      },
   ],
   id: "CVE-2023-5018",
   lastModified: "2024-11-21T08:40:54.073",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-09-17T04:15:10.497",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.239859",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.239859",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.239859",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.239859",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "cna@vuldb.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-03-06 01:15
Modified
2025-01-15 16:39
Summary
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at \"?page=items/view&id=*\".",
      },
      {
         lang: "es",
         value: "Sourcecodester Lost and Found Information System's Version 1.0 es vulnerable a una inyección SQL no autenticada en \"?page=items/view&id=*\".",
      },
   ],
   id: "CVE-2023-33677",
   lastModified: "2025-01-15T16:39:16.760",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.5,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2024-03-06T01:15:06.960",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Not Applicable",
         ],
         url: "http://wwwsourcecodestercom.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/ASR511-OO7/CVE-2023-33677/blob/main/CVE-29",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "http://wwwsourcecodestercom.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/ASR511-OO7/CVE-2023-33677/blob/main/CVE-29",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-11 09:15
Modified
2024-11-21 07:59
Summary
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_item. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228780.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_item. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228780.",
      },
   ],
   id: "CVE-2023-2652",
   lastModified: "2024-11-21T07:59:00.557",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-11T09:15:09.313",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Lost-and-Found-Information-System---Multiple-SQL-injections.md#2classesmasterphpfdelete_item",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228780",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228780",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Lost-and-Found-Information-System---Multiple-SQL-injections.md#2classesmasterphpfdelete_item",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228780",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228780",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "cna@vuldb.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-11 09:15
Modified
2024-11-21 07:59
Summary
A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file items/index.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228781 was assigned to this vulnerability.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file items/index.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228781 was assigned to this vulnerability.",
      },
   ],
   id: "CVE-2023-2653",
   lastModified: "2024-11-21T07:59:00.687",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-11T09:15:09.723",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Lost-and-Found-Information-System---Multiple-SQL-injections.md",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228781",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228781",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Lost-and-Found-Information-System---Multiple-SQL-injections.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228781",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228781",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "cna@vuldb.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-06-28 20:15
Modified
2024-11-21 08:05
Summary
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.",
      },
   ],
   id: "CVE-2023-33592",
   lastModified: "2024-11-21T08:05:45.073",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-06-28T20:15:09.593",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://packetstormsecurity.com/files/173331/Lost-And-Found-Information-System-1.0-SQL-Injection.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/DARSHANAGUPTA10/CVE/blob/main/CVE-2023-33592",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/173331/Lost-And-Found-Information-System-1.0-SQL-Injection.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/DARSHANAGUPTA10/CVE/blob/main/CVE-2023-33592",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-11-03 05:15
Modified
2024-11-21 08:14
Summary
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.",
      },
      {
         lang: "es",
         value: "Lost and Found Information System 1.0 permite la toma de control de cuentas mediante nombre de usuario y contraseña en un /classes/Users.php?f=save URI.",
      },
   ],
   id: "CVE-2023-38965",
   lastModified: "2024-11-21T08:14:32.650",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-11-03T05:15:29.400",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-639",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-31 15:15
Modified
2024-11-21 08:16
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/?page=user/manage_user of the component Manage User Page. The manipulation of the argument First Name/Middle Name/Last Name leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230361 was assigned to this vulnerability.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/?page=user/manage_user of the component Manage User Page. The manipulation of the argument First Name/Middle Name/Last Name leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230361 was assigned to this vulnerability.",
      },
   ],
   id: "CVE-2023-3017",
   lastModified: "2024-11-21T08:16:15.047",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "MULTIPLE",
               availabilityImpact: "NONE",
               baseScore: 3.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:M/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.4,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 2.4,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 1.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-31T15:15:09.627",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Exploit",
         ],
         url: "https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-html-injection-3596f2b856c0",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.230361",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.230361",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-html-injection-3596f2b856c0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.230361",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.230361",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-80",
            },
         ],
         source: "cna@vuldb.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-14 12:15
Modified
2024-11-21 07:59
Summary
A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228980.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228980.",
      },
   ],
   id: "CVE-2023-2699",
   lastModified: "2024-11-21T07:59:06.680",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-14T12:15:09.267",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Exploit",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/img/view_item.png",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://vuldb.com/?ctiid.228980",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://vuldb.com/?id.228980",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/img/view_item.png",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://vuldb.com/?ctiid.228980",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://vuldb.com/?id.228980",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "cna@vuldb.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-15 09:15
Modified
2024-11-21 08:17
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234224.
References
cna@vuldb.com | https://vuldb.com/?ctiid.234224 | Permissions Required, Third Party Advisory
cna@vuldb.com | https://vuldb.com/?id.234224 | Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.234224 | Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.234224 | Permissions Required, Third Party Advisory
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234224.",
      },
   ],
   id: "CVE-2023-3679",
   lastModified: "2024-11-21T08:17:49.317",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-15T09:15:09.403",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.234224",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.234224",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.234224",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.234224",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "cna@vuldb.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-12 09:15
Modified
2024-11-21 07:59
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228887.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228887.",
      },
   ],
   id: "CVE-2023-2671",
   lastModified: "2024-11-21T07:59:03.000",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 1.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-12T09:15:10.447",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2671.md",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228887",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228887",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2671.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228887",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228887",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "cna@vuldb.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-14 12:15
Modified
2024-11-21 07:59
Summary
A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. It affects an unknown functionality of the file admin/?page=items/manage_item in the GET Parameter Handler component. Manipulating the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228979.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228979.",
      },
   ],
   id: "CVE-2023-2698",
   lastModified: "2024-11-21T07:59:06.553",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-14T12:15:09.207",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Exploit",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/img/edit_item.png",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://vuldb.com/?ctiid.228979",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://vuldb.com/?id.228979",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/img/edit_item.png",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://vuldb.com/?ctiid.228979",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://vuldb.com/?id.228979",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "cna@vuldb.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-31 15:15
Modified
2024-11-21 08:16
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability.",
      },
   ],
   id: "CVE-2023-3018",
   lastModified: "2024-11-21T08:16:15.200",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-31T15:15:09.713",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-idor-cve-2023-977966c4450d",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.230362",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.230362",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-idor-cve-2023-977966c4450d",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.230362",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.230362",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "cna@vuldb.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-12 08:15
Modified
2024-11-21 07:59
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. It affects an unknown part of the file admin/?page=categories/view_category in the GET Parameter Handler component. Manipulating the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228885 was assigned to this vulnerability.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228885 was assigned to this vulnerability.",
      },
   ],
   id: "CVE-2023-2669",
   lastModified: "2024-11-21T07:59:02.707",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-12T08:15:09.063",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2669.md",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228885",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228885",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2669.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228885",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228885",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "cna@vuldb.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-12 09:15
Modified
2024-11-21 07:59
Summary
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. It affects an unknown function of the file items/view.php in the GET Parameter Handler component. Manipulating the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228888.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228888.",
      },
   ],
   id: "CVE-2023-2672",
   lastModified: "2024-11-21T07:59:03.143",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-12T09:15:10.520",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2672.md",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228888",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228888",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2672.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228888",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228888",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "cna@vuldb.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-06-09 06:16
Modified
2024-11-21 08:16
Summary
A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. It affects an unknown function of the file admin\user\manage_user.php. Manipulating the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\\user\\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability.",
      },
   ],
   id: "CVE-2023-3176",
   lastModified: "2024-11-21T08:16:37.740",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-06-09T06:16:12.497",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Exploit",
         ],
         url: "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#7sql-injection-vulnerability-in-adminusermanage_userphp",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.231150",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.231150",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#7sql-injection-vulnerability-in-adminusermanage_userphp",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.231150",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.231150",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "cna@vuldb.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-06-09 06:16
Modified
2024-11-21 08:16
Summary
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. It affects an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\\inquiries\\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.",
      },
   ],
   id: "CVE-2023-3177",
   lastModified: "2024-11-21T08:16:37.877",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-06-09T06:16:12.870",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Exploit",
         ],
         url: "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-admininquiriesview_inquiryphp",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.231151",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.231151",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-admininquiriesview_inquiryphp",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.231151",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.231151",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "cna@vuldb.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-07-29 19:15
Modified
2024-11-21 09:24
Summary
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.",
      },
      {
         lang: "es",
         value: " La vulnerabilidad de Cross Site Scripting en Lost and Found Information System 1.0 permite a un atacante remoto escalar privilegios a través de los campos de first, last y middle name en la página de perfil de usuario.",
      },
   ],
   id: "CVE-2024-37856",
   lastModified: "2024-11-21T09:24:24.297",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2024-07-29T19:15:12.177",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Not Applicable",
            "Product",
         ],
         url: "http://lost.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/179078/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Not Applicable",
         ],
         url: "https://www.sourcecodester.com/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
            "Product",
         ],
         url: "http://lost.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/179078/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "https://www.sourcecodester.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-12 08:15
Modified
2024-11-21 07:59
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability.",
      },
   ],
   id: "CVE-2023-2670",
   lastModified: "2024-11-21T07:59:02.867",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-12T08:15:09.130",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2670.md",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228886",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228886",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2670.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228886",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228886",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "cna@vuldb.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-23 10:15
Modified
2024-11-21 08:18
Summary
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability.
References
cna@vuldb.com https://vuldb.com/?ctiid.235201 Permissions Required, Third Party Advisory
cna@vuldb.com https://vuldb.com/?id.235201 Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://vuldb.com/?ctiid.235201 Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://vuldb.com/?id.235201 Permissions Required, Third Party Advisory
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability.",
      },
   ],
   id: "CVE-2023-3850",
   lastModified: "2024-11-21T08:18:13.027",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-23T10:15:09.657",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.235201",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.235201",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.235201",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.235201",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "cna@vuldb.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-12 07:15
Modified
2024-11-21 07:59
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228884.
Impacted products
Vendor Product Version
oretnom23 lost_and_found_information_system 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14CF403B-DF0C-4796-8B10-689075DC8A35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228884.",
      },
   ],
   id: "CVE-2023-2668",
   lastModified: "2024-11-21T07:59:02.567",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "cna@vuldb.com",
            type: "Secondary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "cna@vuldb.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-12T07:15:08.733",
   references: [
      {
         source: "cna@vuldb.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2668.md",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228884",
      },
      {
         source: "cna@vuldb.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228884",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2668.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?ctiid.228884",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://vuldb.com/?id.228884",
      },
   ],
   sourceIdentifier: "cna@vuldb.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "cna@vuldb.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2023-38965
Vulnerability from cvelistv5
Published
2023-11-03 00:00
Modified
2024-09-05 14:55
Severity ?
Summary
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T17:54:39.827Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-38965",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-05T14:55:19.807076Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-05T14:55:48.890Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-03T04:08:48.245759",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt",
            },
            {
               url: "http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-38965",
      datePublished: "2023-11-03T00:00:00",
      dateReserved: "2023-07-25T00:00:00",
      dateUpdated: "2024-09-05T14:55:48.890Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-2653
Vulnerability from cvelistv5
Published
2023-05-11 08:31
Modified
2024-08-02 06:26
Summary
A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file items/index.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228781 was assigned to this vulnerability.
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:26:09.734Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.228781",
               },
               {
                  tags: [
                     "signature",
                     "permissions-required",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.228781",
               },
               {
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Lost-and-Found-Information-System---Multiple-SQL-injections.md",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "webray.com.cn (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file items/index.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228781 was assigned to this vulnerability.",
            },
            {
               lang: "de",
               value: "In SourceCodester Lost and Found Information System 1.0 wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalität der Datei items/index.php. Durch die Manipulation des Arguments cid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 SQL Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T05:49:10.727Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.228781",
            },
            {
               tags: [
                  "signature",
                  "permissions-required",
               ],
               url: "https://vuldb.com/?ctiid.228781",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Lost-and-Found-Information-System---Multiple-SQL-injections.md",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-05-11T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-05-11T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-05-11T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-06-07T14:42:28.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System index.php sql injection",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-2653",
      datePublished: "2023-05-11T08:31:04.876Z",
      dateReserved: "2023-05-11T07:47:16.815Z",
      dateUpdated: "2024-08-02T06:26:09.734Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-2670
Vulnerability from cvelistv5
Published
2023-05-12 08:00
Modified
2024-08-02 06:33
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability.
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:33:04.933Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.228886",
               },
               {
                  tags: [
                     "signature",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.228886",
               },
               {
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2670.md",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "huutuanbg97 (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability.",
            },
            {
               lang: "de",
               value: "In SourceCodester Lost and Found Information System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalität der Datei admin/?page=user/manage_user. Durch das Beeinflussen mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "CWE-284 Improper Access Controls",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T06:01:23.338Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.228886",
            },
            {
               tags: [
                  "signature",
               ],
               url: "https://vuldb.com/?ctiid.228886",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2670.md",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-05-12T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-05-12T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-05-12T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-06-08T09:05:02.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System access control",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-2670",
      datePublished: "2023-05-12T08:00:05.906Z",
      dateReserved: "2023-05-12T06:01:24.900Z",
      dateUpdated: "2024-08-02T06:33:04.933Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-33592
Vulnerability from cvelistv5
Published
2023-06-28 00:00
Modified
2024-11-27 15:03
Severity ?
Summary
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T15:47:06.424Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/DARSHANAGUPTA10/CVE/blob/main/CVE-2023-33592",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/173331/Lost-And-Found-Information-System-1.0-SQL-Injection.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-33592",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-27T15:03:44.966918Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-27T15:03:54.676Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-07T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html",
            },
            {
               url: "https://github.com/DARSHANAGUPTA10/CVE/blob/main/CVE-2023-33592",
            },
            {
               url: "http://packetstormsecurity.com/files/173331/Lost-And-Found-Information-System-1.0-SQL-Injection.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-33592",
      datePublished: "2023-06-28T00:00:00",
      dateReserved: "2023-05-22T00:00:00",
      dateUpdated: "2024-11-27T15:03:54.676Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-3177
Vulnerability from cvelistv5
Published
2023-06-09 06:00
Modified
2024-11-22 15:36
Summary
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:48:07.783Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.231151",
               },
               {
                  tags: [
                     "signature",
                     "permissions-required",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.231151",
               },
               {
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-admininquiriesview_inquiryphp",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-3177",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-22T15:36:47.836140Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-22T15:36:59.661Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "hu faxiang (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\\inquiries\\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.",
            },
            {
               lang: "de",
               value: "In SourceCodester Lost and Found Information System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalität der Datei admin\\inquiries\\view_inquiry.php. Durch Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 SQL Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T13:00:15.427Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.231151",
            },
            {
               tags: [
                  "signature",
                  "permissions-required",
               ],
               url: "https://vuldb.com/?ctiid.231151",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-admininquiriesview_inquiryphp",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-06-09T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-06-09T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-06-09T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-07-07T16:45:25.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System view_inquiry.php sql injection",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-3177",
      datePublished: "2023-06-09T06:00:04.330Z",
      dateReserved: "2023-06-09T05:24:42.143Z",
      dateUpdated: "2024-11-22T15:36:59.661Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-2669
Vulnerability from cvelistv5
Published
2023-05-12 07:31
Modified
2024-08-02 06:33
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228885 was assigned to this vulnerability.
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:33:04.394Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.228885",
               },
               {
                  tags: [
                     "signature",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.228885",
               },
               {
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2669.md",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               modules: [
                  "GET Parameter Handler",
               ],
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "huutuanbg97 (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228885 was assigned to this vulnerability.",
            },
            {
               lang: "de",
               value: "Es wurde eine Schwachstelle in SourceCodester Lost and Found Information System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei admin/?page=categories/view_category der Komponente GET Parameter Handler. Durch Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 SQL Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T06:00:10.041Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.228885",
            },
            {
               tags: [
                  "signature",
               ],
               url: "https://vuldb.com/?ctiid.228885",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2669.md",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-05-12T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-05-12T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-05-12T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-06-08T09:00:02.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System GET Parameter sql injection",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-2669",
      datePublished: "2023-05-12T07:31:03.431Z",
      dateReserved: "2023-05-12T06:01:20.250Z",
      dateUpdated: "2024-08-02T06:33:04.394Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-36159
Vulnerability from cvelistv5
Published
2023-08-03 00:00
Modified
2024-10-17 16:16
Severity ?
Summary
Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T16:37:41.395Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://lost.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cyberredteam.tech/posts/cve-2023-36159/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-36159",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-17T16:16:37.375259Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-17T16:16:47.262Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-09T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html",
            },
            {
               url: "http://lost.com",
            },
            {
               url: "https://cyberredteam.tech/posts/cve-2023-36159/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-36159",
      datePublished: "2023-08-03T00:00:00",
      dateReserved: "2023-06-21T00:00:00",
      dateUpdated: "2024-10-17T16:16:47.262Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-5018
Vulnerability from cvelistv5
Published
2023-09-17 03:31
Modified
2024-08-02 07:44
Summary
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859.
References
https://vuldb.com/?id.239859 (vdb-entry, technical-description)
https://vuldb.com/?ctiid.239859 (signature)
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-5018",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-11T19:26:14.897432Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-11T19:26:22.102Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:44:53.511Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.239859",
               },
               {
                  tags: [
                     "signature",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.239859",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               modules: [
                  "POST Parameter Handler",
               ],
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "p1taya (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859.",
            },
            {
               lang: "de",
               value: "Es wurde eine Schwachstelle in SourceCodester Lost and Found Information System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /classes/Master.php?f=save_category der Komponente POST Parameter Handler. Durch Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 SQL Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T16:36:32.432Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.239859",
            },
            {
               tags: [
                  "signature",
               ],
               url: "https://vuldb.com/?ctiid.239859",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-09-16T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-09-16T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-09-16T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-10-12T14:20:07.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System POST Parameter sql injection",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-5018",
      datePublished: "2023-09-17T03:31:04.553Z",
      dateReserved: "2023-09-16T07:01:48.882Z",
      dateUpdated: "2024-08-02T07:44:53.511Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-2672
Vulnerability from cvelistv5
Published
2023-05-12 09:00
Modified
2024-08-02 06:33
Summary
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228888.
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:33:04.338Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.228888",
               },
               {
                  tags: [
                     "signature",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.228888",
               },
               {
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2672.md",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               modules: [
                  "GET Parameter Handler",
               ],
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "huutuanbg97 (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228888.",
            },
            {
               lang: "de",
               value: "Es wurde eine kritische Schwachstelle in SourceCodester Lost and Found Information System 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei items/view.php der Komponente GET Parameter Handler. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 SQL Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T06:03:49.823Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.228888",
            },
            {
               tags: [
                  "signature",
               ],
               url: "https://vuldb.com/?ctiid.228888",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2672.md",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-05-12T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-05-12T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-05-12T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-06-08T09:15:00.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System GET Parameter view.php sql injection",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-2672",
      datePublished: "2023-05-12T09:00:05.619Z",
      dateReserved: "2023-05-12T06:01:32.348Z",
      dateUpdated: "2024-08-02T06:33:04.338Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-2698
Vulnerability from cvelistv5
Published
2023-05-14 11:31
Modified
2024-08-02 06:33
Summary
A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228979.
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:33:05.482Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.228979",
               },
               {
                  tags: [
                     "signature",
                     "permissions-required",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.228979",
               },
               {
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/img/edit_item.png",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               modules: [
                  "GET Parameter Handler",
               ],
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "huutuanbg97 (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228979.",
            },
            {
               lang: "de",
               value: "In SourceCodester Lost and Found Information System 1.0 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei admin/?page=items/manage_item der Komponente GET Parameter Handler. Durch die Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 SQL Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T06:20:55.771Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.228979",
            },
            {
               tags: [
                  "signature",
                  "permissions-required",
               ],
               url: "https://vuldb.com/?ctiid.228979",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/img/edit_item.png",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-05-14T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-05-14T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-05-14T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-06-08T18:04:09.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System GET Parameter sql injection",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-2698",
      datePublished: "2023-05-14T11:31:04.283Z",
      dateReserved: "2023-05-14T07:59:39.949Z",
      dateUpdated: "2024-08-02T06:33:05.482Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-3680
Vulnerability from cvelistv5
Published
2023-07-15 09:00
Modified
2024-08-02 07:01
Summary
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-234225 was assigned to this vulnerability.
References
https://vuldb.com/?id.234225 (vdb-entry, technical-description)
https://vuldb.com/?ctiid.234225 (signature)
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:01:57.516Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.234225",
               },
               {
                  tags: [
                     "signature",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.234225",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               modules: [
                  "HTTP POST Request Handler",
               ],
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "ZFLY (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-234225 was assigned to this vulnerability.",
            },
            {
               lang: "de",
               value: "Es wurde eine Schwachstelle in SourceCodester Lost and Found Information System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /classes/Master.php?f=save_item der Komponente HTTP POST Request Handler. Mit der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 SQL Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T15:16:10.176Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.234225",
            },
            {
               tags: [
                  "signature",
               ],
               url: "https://vuldb.com/?ctiid.234225",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-07-15T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-07-15T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-07-15T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-08-06T09:04:53.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System HTTP POST Request sql injection",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-3680",
      datePublished: "2023-07-15T09:00:05.039Z",
      dateReserved: "2023-07-15T07:34:40.440Z",
      dateUpdated: "2024-08-02T07:01:57.516Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-2668
Vulnerability from cvelistv5
Published
2023-05-12 07:00
Modified
2024-08-02 06:33
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228884.
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:33:03.985Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.228884",
               },
               {
                  tags: [
                     "signature",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.228884",
               },
               {
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2668.md",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               modules: [
                  "GET Parameter Handler",
               ],
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "huutuanbg97 (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228884.",
            },
            {
               lang: "de",
               value: "Eine Schwachstelle wurde in SourceCodester Lost and Found Information System 1.0 gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion manager_category der Datei admin/?page=categories/manage_category der Komponente GET Parameter Handler. Durch das Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 SQL Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T05:58:56.306Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.228884",
            },
            {
               tags: [
                  "signature",
               ],
               url: "https://vuldb.com/?ctiid.228884",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2668.md",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-05-12T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-05-12T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-05-12T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-06-08T08:55:50.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System GET Parameter manager_category sql injection",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-2668",
      datePublished: "2023-05-12T07:00:06.598Z",
      dateReserved: "2023-05-12T06:01:17.158Z",
      dateUpdated: "2024-08-02T06:33:03.985Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-3176
Vulnerability from cvelistv5
Published
2023-06-09 05:31
Modified
2024-08-02 06:48
Summary
A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability. [Note: "critical" is VulDB's own classification; the CVSS v3.1 base score recorded below is 6.3 (MEDIUM), and the vector's PR:L means the attacker needs a low-privileged authenticated account.]
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:48:08.048Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.231150",
               },
               {
                  tags: [
                     "signature",
                     "permissions-required",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.231150",
               },
               {
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#7sql-injection-vulnerability-in-adminusermanage_userphp",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "hu faxiang (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\\user\\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability.",
            },
            {
               lang: "de",
               value: "Es wurde eine Schwachstelle in SourceCodester Lost and Found Information System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei admin\\user\\manage_user.php. Durch das Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 SQL Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T12:59:01.178Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.231150",
            },
            {
               tags: [
                  "signature",
                  "permissions-required",
               ],
               url: "https://vuldb.com/?ctiid.231150",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#7sql-injection-vulnerability-in-adminusermanage_userphp",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-06-09T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-06-09T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-06-09T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-07-07T16:30:13.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System manage_user.php sql injection",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-3176",
      datePublished: "2023-06-09T05:31:03.360Z",
      dateReserved: "2023-06-09T05:24:40.068Z",
      dateUpdated: "2024-08-02T06:48:08.048Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-2652
Vulnerability from cvelistv5
Published
2023-05-11 08:31
Modified
2024-08-02 06:26
Summary
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_item. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228780. [Note: "critical" is VulDB's own classification; the CVSS v3.1 base score recorded below is 6.3 (MEDIUM), and the vector's PR:L means the attacker needs a low-privileged authenticated account.]
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:26:10.123Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.228780",
               },
               {
                  tags: [
                     "signature",
                     "permissions-required",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.228780",
               },
               {
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Lost-and-Found-Information-System---Multiple-SQL-injections.md#2classesmasterphpfdelete_item",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "webray.com.cn (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_item. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228780.",
            },
            {
               lang: "de",
               value: "Es wurde eine kritische Schwachstelle in SourceCodester Lost and Found Information System 1.0 entdeckt. Es betrifft eine unbekannte Funktion der Datei /classes/Master.php?f=delete_item. Mit der Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 SQL Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T05:47:57.500Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.228780",
            },
            {
               tags: [
                  "signature",
                  "permissions-required",
               ],
               url: "https://vuldb.com/?ctiid.228780",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Lost-and-Found-Information-System---Multiple-SQL-injections.md#2classesmasterphpfdelete_item",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-05-11T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-05-11T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-05-11T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-06-07T14:34:48.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System sql injection",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-2652",
      datePublished: "2023-05-11T08:31:03.874Z",
      dateReserved: "2023-05-11T07:47:14.136Z",
      dateUpdated: "2024-08-02T06:26:10.123Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-2667
Vulnerability from cvelistv5
Published
2023-05-12 06:31
Modified
2024-08-02 06:26
Summary
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228883.
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "lost_and_found_information_system",
                  vendor: "lost_and_found_information_system_project",
                  versions: [
                     {
                        status: "affected",
                        version: "1.0",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-2667",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-12T15:24:25.884162Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-12T20:56:20.031Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:26:09.900Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.228883",
               },
               {
                  tags: [
                     "signature",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.228883",
               },
               {
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2667.md",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "huutuanbg97 (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228883.",
            },
            {
               lang: "de",
               value: "In SourceCodester Lost and Found Information System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei admin/. Mittels Manipulieren des Arguments page mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 3.5,
                  baseSeverity: "LOW",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 3.5,
                  baseSeverity: "LOW",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 4,
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79 Cross Site Scripting",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T05:57:43.076Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.228883",
            },
            {
               tags: [
                  "signature",
               ],
               url: "https://vuldb.com/?ctiid.228883",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2667.md",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-05-12T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-05-12T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-05-12T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-06-08T08:48:58.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System cross site scripting",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-2667",
      datePublished: "2023-05-12T06:31:04.065Z",
      dateReserved: "2023-05-12T06:01:10.919Z",
      dateUpdated: "2024-08-02T06:26:09.900Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-3679
Vulnerability from cvelistv5
Published
2023-07-15 08:31
Modified
2024-08-02 07:01
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234224. [Note: "critical" is VulDB's own rating; the CVSS v3.1 base score recorded below is 6.3 (MEDIUM), and the vector's PR:L means the attacker needs a low-privileged authenticated account.]
References
https://vuldb.com/?id.234224 (vdb-entry, technical-description)
https://vuldb.com/?ctiid.234224 (signature)
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:01:57.366Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.234224",
               },
               {
                  tags: [
                     "signature",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.234224",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               modules: [
                  "HTTP POST Request Handler",
               ],
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "Tritium (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234224.",
            },
            {
               lang: "de",
               value: "Eine kritische Schwachstelle wurde in SourceCodester Lost and Found Information System 1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /classes/Master.php?f=save_inquiry der Komponente HTTP POST Request Handler. Dank Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 SQL Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T15:14:56.890Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.234224",
            },
            {
               tags: [
                  "signature",
               ],
               url: "https://vuldb.com/?ctiid.234224",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-07-15T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-07-15T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-07-15T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-08-06T09:02:19.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System HTTP POST Request sql injection",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-3679",
      datePublished: "2023-07-15T08:31:03.079Z",
      dateReserved: "2023-07-15T07:32:46.367Z",
      dateUpdated: "2024-08-02T07:01:57.366Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-3017
Vulnerability from cvelistv5
Published
2023-05-31 14:31
Modified
2024-08-02 06:41
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/?page=user/manage_user of the component Manage User Page. The manipulation of the argument First Name/Middle Name/Last Name leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230361 was assigned to this vulnerability.
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:41:04.072Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.230361",
               },
               {
                  tags: [
                     "signature",
                     "permissions-required",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.230361",
               },
               {
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-html-injection-3596f2b856c0",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               modules: [
                  "Manage User Page",
               ],
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Akash Pandey",
            },
            {
               lang: "en",
               type: "analyst",
               value: "l3v1ath0n (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/?page=user/manage_user of the component Manage User Page. The manipulation of the argument First Name/Middle Name/Last Name leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230361 was assigned to this vulnerability.",
            },
            {
               lang: "de",
               value: "Es wurde eine Schwachstelle in SourceCodester Lost and Found Information System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei admin/?page=user/manage_user der Komponente Manage User Page. Durch Beeinflussen des Arguments First Name/Middle Name/Last Name mit unbekannten Daten kann eine basic cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 2.4,
                  baseSeverity: "LOW",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 2.4,
                  baseSeverity: "LOW",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 3.3,
                  vectorString: "AV:N/AC:L/Au:M/C:N/I:P/A:N",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-80",
                     description: "CWE-80 Basic Cross Site Scripting",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T07:40:13.103Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.230361",
            },
            {
               tags: [
                  "signature",
                  "permissions-required",
               ],
               url: "https://vuldb.com/?ctiid.230361",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-html-injection-3596f2b856c0",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-05-31T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-05-31T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-05-31T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-06-25T09:00:46.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System Manage User Page cross site scripting",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-3017",
      datePublished: "2023-05-31T14:31:03.108Z",
      dateReserved: "2023-05-31T13:13:28.211Z",
      dateUpdated: "2024-08-02T06:41:04.072Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-33677
Vulnerability from cvelistv5
Published
2024-03-06 00:00
Modified
2024-08-28 18:42
Summary
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T15:47:06.687Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://wwwsourcecodestercom.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/ASR511-OO7/CVE-2023-33677/blob/main/CVE-29",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "lost_and_found_information_system",
                  vendor: "sourcecodester",
                  versions: [
                     {
                        status: "affected",
                        version: "1.0",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 5.4,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "LOW",
                     integrityImpact: "LOW",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-33677",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-03-06T16:24:55.573245Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-89",
                        description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-28T18:42:12.883Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at \"?page=items/view&id=*\".",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-06T00:26:49.916385",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "http://wwwsourcecodestercom.com",
            },
            {
               url: "https://github.com/ASR511-OO7/CVE-2023-33677/blob/main/CVE-29",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-33677",
      datePublished: "2024-03-06T00:00:00",
      dateReserved: "2023-05-22T00:00:00",
      dateUpdated: "2024-08-28T18:42:12.883Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-37856
Vulnerability from cvelistv5
Published
2024-07-29 00:00
Modified
2024-10-30 19:32
Summary
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 5.4,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "LOW",
                     integrityImpact: "LOW",
                     privilegesRequired: "LOW",
                     scope: "CHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2024-37856",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-30T13:55:56.392088Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-79",
                        description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-30T19:32:48.750Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T03:57:39.837Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.sourcecodester.com/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://lost.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/179078/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-07-29T19:04:00.205183",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://www.sourcecodester.com/",
            },
            {
               url: "http://lost.com",
            },
            {
               url: "https://packetstormsecurity.com/files/179078/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2024-37856",
      datePublished: "2024-07-29T00:00:00",
      dateReserved: "2024-06-10T00:00:00",
      dateUpdated: "2024-10-30T19:32:48.750Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-3018
Vulnerability from cvelistv5
Published
2023-05-31 14:31
Modified
2024-08-02 06:41
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability.
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:41:04.091Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.230362",
               },
               {
                  tags: [
                     "signature",
                     "permissions-required",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.230362",
               },
               {
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-idor-cve-2023-977966c4450d",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Akash Pandey",
            },
            {
               lang: "en",
               type: "analyst",
               value: "l3v1ath0n (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability.",
            },
            {
               lang: "de",
               value: "In SourceCodester Lost and Found Information System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/?page=user/list. Dank der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "CWE-284 Improper Access Controls",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T07:41:26.447Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.230362",
            },
            {
               tags: [
                  "signature",
                  "permissions-required",
               ],
               url: "https://vuldb.com/?ctiid.230362",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-idor-cve-2023-977966c4450d",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-05-31T00:00:00.000Z",
               value: "Vulnerability found",
            },
            {
               lang: "en",
               time: "2023-05-31T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-05-31T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-05-31T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-06-25T09:03:52.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System access control",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-3018",
      datePublished: "2023-05-31T14:31:04.073Z",
      dateReserved: "2023-05-31T13:13:40.338Z",
      dateUpdated: "2024-08-02T06:41:04.091Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-2699
Vulnerability from cvelistv5
Published
2023-05-14 12:00
Modified
2024-08-02 06:33
Summary
A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228980.
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:33:04.300Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.228980",
               },
               {
                  tags: [
                     "signature",
                     "permissions-required",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.228980",
               },
               {
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/img/view_item.png",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               modules: [
                  "GET Parameter Handler",
               ],
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "huutuanbg97 (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228980.",
            },
            {
               lang: "de",
               value: "Eine kritische Schwachstelle wurde in SourceCodester Lost and Found Information System 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei admin/?page=items/view_item der Komponente GET Parameter Handler. Durch Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 SQL Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T06:22:09.083Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.228980",
            },
            {
               tags: [
                  "signature",
                  "permissions-required",
               ],
               url: "https://vuldb.com/?ctiid.228980",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/img/view_item.png",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-05-14T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-05-14T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-05-14T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-06-08T18:19:50.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System GET Parameter sql injection",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-2699",
      datePublished: "2023-05-14T12:00:04.999Z",
      dateReserved: "2023-05-14T07:59:41.914Z",
      dateUpdated: "2024-08-02T06:33:04.300Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-2671
Vulnerability from cvelistv5
Published
2023-05-12 08:31
Modified
2024-11-22 15:44
Summary
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228887.
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:33:04.035Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.228887",
               },
               {
                  tags: [
                     "signature",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.228887",
               },
               {
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2671.md",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-2671",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-22T15:43:50.713469Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-22T15:44:02.024Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               modules: [
                  "Contact Form",
               ],
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "huutuanbg97 (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228887.",
            },
            {
               lang: "de",
               value: "Eine Schwachstelle wurde in SourceCodester Lost and Found Information System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei classes/Master.php?f=save_inquiry der Komponente Contact Form. Durch Beeinflussen des Arguments fullname/contact/message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 3.5,
                  baseSeverity: "LOW",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 3.5,
                  baseSeverity: "LOW",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 4,
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79 Cross Site Scripting",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-23T06:02:36.611Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.228887",
            },
            {
               tags: [
                  "signature",
               ],
               url: "https://vuldb.com/?ctiid.228887",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2671.md",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-05-12T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-05-12T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-05-12T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-06-08T09:09:12.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System Contact Form cross site scripting",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-2671",
      datePublished: "2023-05-12T08:31:03.243Z",
      dateReserved: "2023-05-12T06:01:28.767Z",
      dateUpdated: "2024-11-22T15:44:02.024Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-3850
Vulnerability from cvelistv5
Published
2023-07-23 10:00
Modified
2024-08-02 07:08
Summary
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability.
References
https://vuldb.com/?id.235201 (vdb-entry, technical-description)
https://vuldb.com/?ctiid.235201 (signature)
Impacted products
Vendor Product Version
SourceCodester Lost and Found Information System Version: 1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:08:50.505Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "technical-description",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?id.235201",
               },
               {
                  tags: [
                     "signature",
                     "x_transferred",
                  ],
                  url: "https://vuldb.com/?ctiid.235201",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               modules: [
                  "HTTP POST Request Handler",
               ],
               product: "Lost and Found Information System",
               vendor: "SourceCodester",
               versions: [
                  {
                     status: "affected",
                     version: "1.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "analyst",
               value: "Smallblack (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability.",
            },
            {
               lang: "de",
               value: "In SourceCodester Lost and Found Information System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalität der Datei /classes/Master.php?f=delete_category der Komponente HTTP POST Request Handler. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.5,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 SQL Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T06:42:51.724Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.235201",
            },
            {
               tags: [
                  "signature",
               ],
               url: "https://vuldb.com/?ctiid.235201",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-07-22T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2023-07-22T00:00:00.000Z",
               value: "CVE reserved",
            },
            {
               lang: "en",
               time: "2023-07-22T02:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2023-08-16T08:26:53.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "SourceCodester Lost and Found Information System HTTP POST Request sql injection",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2023-3850",
      datePublished: "2023-07-23T10:00:05.905Z",
      dateReserved: "2023-07-22T18:28:43.333Z",
      dateUpdated: "2024-08-02T07:08:50.505Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}