Search

Find a vulnerability

Search criteria

    54 vulnerabilities found for lost_and_found_information_system by oretnom23

    CVE-2024-37859 (GCVE-0-2024-37859)

    Vulnerability from nvd – Published: 2024-07-29 00:00 – Updated: 2024-08-02 03:57
    VLAI
    Summary
    Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    sourcecodester lost_and_found_information_system Affected: 1.0
        cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lost_and_found_information_system",
                "vendor": "sourcecodester",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37859",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T19:39:42.516374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-30T19:42:49.484Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:57:39.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sourcecodester.com/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://lost.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/179081/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T18:55:38.221Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.sourcecodester.com/"
            },
            {
              "url": "http://lost.com"
            },
            {
              "url": "https://packetstormsecurity.com/files/179081/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-37859",
        "datePublished": "2024-07-29T00:00:00.000Z",
        "dateReserved": "2024-06-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T03:57:39.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37858 (GCVE-0-2024-37858)

    Vulnerability from nvd – Published: 2024-07-29 00:00 – Updated: 2024-08-02 03:57
    VLAI
    Summary
    SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    lost_and_found_information_system_project lost_and_found_information_system Affected: 1.0
        cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lost_and_found_information_system",
                "vendor": "lost_and_found_information_system_project",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37858",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T14:24:53.823898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-30T14:27:40.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:57:39.864Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sourcecodester.com/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://lost.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/179079/Lost-And-Found-Information-System-1.0-SQL-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T19:01:23.071Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.sourcecodester.com/"
            },
            {
              "url": "http://lost.com"
            },
            {
              "url": "https://packetstormsecurity.com/files/179079/Lost-And-Found-Information-System-1.0-SQL-Injection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-37858",
        "datePublished": "2024-07-29T00:00:00.000Z",
        "dateReserved": "2024-06-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T03:57:39.864Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37857 (GCVE-0-2024-37857)

    Vulnerability from nvd – Published: 2024-07-29 00:00 – Updated: 2024-08-02 03:57
    VLAI
    Summary
    SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    sourcecodester lost_and_found_information_system Affected: 1.0
        cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lost_and_found_information_system",
                "vendor": "sourcecodester",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37857",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T19:38:42.364523Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-30T19:38:51.612Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:57:39.796Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sourcecodester.com/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://lost.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/179080/Lost-And-Found-Information-System-1.0-SQL-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T18:59:08.907Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.sourcecodester.com/"
            },
            {
              "url": "http://lost.com"
            },
            {
              "url": "https://packetstormsecurity.com/files/179080/Lost-And-Found-Information-System-1.0-SQL-Injection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-37857",
        "datePublished": "2024-07-29T00:00:00.000Z",
        "dateReserved": "2024-06-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T03:57:39.796Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37856 (GCVE-0-2024-37856)

    Vulnerability from nvd – Published: 2024-07-29 00:00 – Updated: 2024-10-30 19:32
    VLAI
    Summary
    Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37856",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T13:55:56.392088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T19:32:48.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:57:39.837Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sourcecodester.com/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://lost.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/179078/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T19:04:00.205Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.sourcecodester.com/"
            },
            {
              "url": "http://lost.com"
            },
            {
              "url": "https://packetstormsecurity.com/files/179078/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-37856",
        "datePublished": "2024-07-29T00:00:00.000Z",
        "dateReserved": "2024-06-10T00:00:00.000Z",
        "dateUpdated": "2024-10-30T19:32:48.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33676 (GCVE-0-2023-33676)

    Vulnerability from nvd – Published: 2024-03-07 00:00 – Updated: 2024-08-16 16:57
    VLAI
    Summary
    Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*" which can be escalated to the remote command execution.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    sourcecodester lost_and_found_information_system Affected: 1.0
        cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:47:06.767Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ASR511-OO7/CVE-2023-33676/blob/main/CVE-30"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lost_and_found_information_system",
                "vendor": "sourcecodester",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33676",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-07T16:36:51.474443Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-16T16:57:17.026Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sourcecodester Lost and Found Information System\u0027s Version 1.0 is vulnerable to unauthenticated SQL Injection at \"?page=items/view\u0026id=*\" which can be escalated to the remote command execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-07T08:47:30.428Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/ASR511-OO7/CVE-2023-33676/blob/main/CVE-30"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-33676",
        "datePublished": "2024-03-07T00:00:00.000Z",
        "dateReserved": "2023-05-22T00:00:00.000Z",
        "dateUpdated": "2024-08-16T16:57:17.026Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33677 (GCVE-0-2023-33677)

    Vulnerability from nvd – Published: 2024-03-06 00:00 – Updated: 2024-08-28 18:42
    VLAI
    Summary
    Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    sourcecodester lost_and_found_information_system Affected: 1.0
        cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:47:06.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://wwwsourcecodestercom.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ASR511-OO7/CVE-2023-33677/blob/main/CVE-29"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lost_and_found_information_system",
                "vendor": "sourcecodester",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33677",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-06T16:24:55.573245Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T18:42:12.883Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sourcecodester Lost and Found Information System\u0027s Version 1.0 is vulnerable to unauthenticated SQL Injection at \"?page=items/view\u0026id=*\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-06T00:26:49.916Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://wwwsourcecodestercom.com"
            },
            {
              "url": "https://github.com/ASR511-OO7/CVE-2023-33677/blob/main/CVE-29"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-33677",
        "datePublished": "2024-03-06T00:00:00.000Z",
        "dateReserved": "2023-05-22T00:00:00.000Z",
        "dateUpdated": "2024-08-28T18:42:12.883Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38965 (GCVE-0-2023-38965)

    Vulnerability from nvd – Published: 2023-11-03 00:00 – Updated: 2025-11-11 17:02
    VLAI
    Summary
    Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.827Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38965",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T14:55:19.807076Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T14:55:48.890Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-11T17:02:36.956Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt"
            },
            {
              "url": "http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html"
            },
            {
              "url": "https://www.exploit-db.com/exploits/51795"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38965",
        "datePublished": "2023-11-03T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2025-11-11T17:02:36.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5018 (GCVE-0-2023-5018)

    Vulnerability from nvd – Published: 2023-09-17 03:31 – Updated: 2024-08-02 07:44
    VLAI
    Title
    SourceCodester Lost and Found Information System POST Parameter sql injection
    Summary
    A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.239859 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.239859 signature
    Impacted products
    Credits
    p1taya (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5018",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-11T19:26:14.897432Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-11T19:26:22.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:53.511Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.239859"
              },
              {
                "tags": [
                  "signature",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.239859"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "POST Parameter Handler"
              ],
              "product": "Lost and Found Information System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "p1taya (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in SourceCodester Lost and Found Information System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /classes/Master.php?f=save_category der Komponente POST Parameter Handler. Durch Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:36:32.432Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.239859"
            },
            {
              "tags": [
                "signature"
              ],
              "url": "https://vuldb.com/?ctiid.239859"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-09-16T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-09-16T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-09-16T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-10-12T14:20:07.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Lost and Found Information System POST Parameter sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-5018",
        "datePublished": "2023-09-17T03:31:04.553Z",
        "dateReserved": "2023-09-16T07:01:48.882Z",
        "dateUpdated": "2024-08-02T07:44:53.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36159 (GCVE-0-2023-36159)

    Vulnerability from nvd – Published: 2023-08-03 00:00 – Updated: 2024-10-17 16:16
    VLAI
    Summary
    Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:41.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://lost.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cyberredteam.tech/posts/cve-2023-36159/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36159",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T16:16:37.375259Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T16:16:47.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-09T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html"
            },
            {
              "url": "http://lost.com"
            },
            {
              "url": "https://cyberredteam.tech/posts/cve-2023-36159/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-36159",
        "datePublished": "2023-08-03T00:00:00.000Z",
        "dateReserved": "2023-06-21T00:00:00.000Z",
        "dateUpdated": "2024-10-17T16:16:47.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3850 (GCVE-0-2023-3850)

    Vulnerability from nvd – Published: 2023-07-23 10:00 – Updated: 2024-08-02 07:08
    VLAI
    Title
    SourceCodester Lost and Found Information System HTTP POST Request sql injection
    Summary
    A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.235201 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.235201 signature
    Impacted products
    Credits
    Smallblack (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.235201"
              },
              {
                "tags": [
                  "signature",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.235201"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP POST Request Handler"
              ],
              "product": "Lost and Found Information System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "Smallblack (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "In SourceCodester Lost and Found Information System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /classes/Master.php?f=delete_category der Komponente HTTP POST Request Handler. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T06:42:51.724Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.235201"
            },
            {
              "tags": [
                "signature"
              ],
              "url": "https://vuldb.com/?ctiid.235201"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-07-22T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-07-22T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-08-16T08:26:53.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Lost and Found Information System HTTP POST Request sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3850",
        "datePublished": "2023-07-23T10:00:05.905Z",
        "dateReserved": "2023-07-22T18:28:43.333Z",
        "dateUpdated": "2024-08-02T07:08:50.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3680 (GCVE-0-2023-3680)

    Vulnerability from nvd – Published: 2023-07-15 09:00 – Updated: 2024-08-02 07:01
    VLAI
    Title
    SourceCodester Lost and Found Information System HTTP POST Request sql injection
    Summary
    A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-234225 was assigned to this vulnerability.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.234225 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.234225 signature
    Impacted products
    Credits
    ZFLY (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:01:57.516Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.234225"
              },
              {
                "tags": [
                  "signature",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.234225"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP POST Request Handler"
              ],
              "product": "Lost and Found Information System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "ZFLY (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-234225 was assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in SourceCodester Lost and Found Information System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /classes/Master.php?f=save_item der Komponente HTTP POST Request Handler. Mit der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T15:16:10.176Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.234225"
            },
            {
              "tags": [
                "signature"
              ],
              "url": "https://vuldb.com/?ctiid.234225"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-15T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-07-15T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-07-15T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-08-06T09:04:53.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Lost and Found Information System HTTP POST Request sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3680",
        "datePublished": "2023-07-15T09:00:05.039Z",
        "dateReserved": "2023-07-15T07:34:40.440Z",
        "dateUpdated": "2024-08-02T07:01:57.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3679 (GCVE-0-2023-3679)

    Vulnerability from nvd – Published: 2023-07-15 08:31 – Updated: 2024-08-02 07:01
    VLAI
    Title
    SourceCodester Lost and Found Information System HTTP POST Request sql injection
    Summary
    A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234224.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.234224 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.234224 signature
    Impacted products
    Credits
    Tritium (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:01:57.366Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.234224"
              },
              {
                "tags": [
                  "signature",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.234224"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP POST Request Handler"
              ],
              "product": "Lost and Found Information System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "Tritium (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234224."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in SourceCodester Lost and Found Information System 1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /classes/Master.php?f=save_inquiry der Komponente HTTP POST Request Handler. Dank Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T15:14:56.890Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.234224"
            },
            {
              "tags": [
                "signature"
              ],
              "url": "https://vuldb.com/?ctiid.234224"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-15T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-07-15T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-07-15T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-08-06T09:02:19.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Lost and Found Information System HTTP POST Request sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3679",
        "datePublished": "2023-07-15T08:31:03.079Z",
        "dateReserved": "2023-07-15T07:32:46.367Z",
        "dateUpdated": "2024-08-02T07:01:57.366Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33592 (GCVE-0-2023-33592)

    Vulnerability from nvd – Published: 2023-06-28 00:00 – Updated: 2024-11-27 15:03
    VLAI
    Summary
    Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:47:06.424Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/DARSHANAGUPTA10/CVE/blob/main/CVE-2023-33592"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/173331/Lost-And-Found-Information-System-1.0-SQL-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33592",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-27T15:03:44.966918Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-27T15:03:54.676Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html"
            },
            {
              "url": "https://github.com/DARSHANAGUPTA10/CVE/blob/main/CVE-2023-33592"
            },
            {
              "url": "http://packetstormsecurity.com/files/173331/Lost-And-Found-Information-System-1.0-SQL-Injection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-33592",
        "datePublished": "2023-06-28T00:00:00.000Z",
        "dateReserved": "2023-05-22T00:00:00.000Z",
        "dateUpdated": "2024-11-27T15:03:54.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3177 (GCVE-0-2023-3177)

    Vulnerability from nvd – Published: 2023-06-09 06:00 – Updated: 2024-11-22 15:36
    VLAI
    Title
    SourceCodester Lost and Found Information System view_inquiry.php sql injection
    Summary
    A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.231151 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.231151 signaturepermissions-required
    https://github.com/AnotherN/cvv/blob/main/imgs/Lo… exploit
    Impacted products
    Credits
    hu faxiang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.783Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.231151"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.231151"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-admininquiriesview_inquiryphp"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3177",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T15:36:47.836140Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T15:36:59.661Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Lost and Found Information System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "hu faxiang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\\inquiries\\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151."
            },
            {
              "lang": "de",
              "value": "In SourceCodester Lost and Found Information System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei admin\\inquiries\\view_inquiry.php. Durch Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T13:00:15.427Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.231151"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.231151"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-admininquiriesview_inquiryphp"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-06-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-06-09T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-06-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-07-07T16:45:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Lost and Found Information System view_inquiry.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3177",
        "datePublished": "2023-06-09T06:00:04.330Z",
        "dateReserved": "2023-06-09T05:24:42.143Z",
        "dateUpdated": "2024-11-22T15:36:59.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3176 (GCVE-0-2023-3176)

    Vulnerability from nvd – Published: 2023-06-09 05:31 – Updated: 2024-08-02 06:48
    VLAI
    Title
    SourceCodester Lost and Found Information System manage_user.php sql injection
    Summary
    A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.231150 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.231150 signaturepermissions-required
    https://github.com/AnotherN/cvv/blob/main/imgs/Lo… exploit
    Impacted products
    Credits
    hu faxiang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.048Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.231150"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.231150"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#7sql-injection-vulnerability-in-adminusermanage_userphp"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Lost and Found Information System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "hu faxiang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\\user\\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in SourceCodester Lost and Found Information System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei admin\\user\\manage_user.php. Durch das Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T12:59:01.178Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.231150"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.231150"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#7sql-injection-vulnerability-in-adminusermanage_userphp"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-06-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-06-09T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-06-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-07-07T16:30:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Lost and Found Information System manage_user.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3176",
        "datePublished": "2023-06-09T05:31:03.360Z",
        "dateReserved": "2023-06-09T05:24:40.068Z",
        "dateUpdated": "2024-08-02T06:48:08.048Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37859 (GCVE-0-2024-37859)

    Vulnerability from cvelistv5 – Published: 2024-07-29 00:00 – Updated: 2024-08-02 03:57
    VLAI
    Summary
    Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    sourcecodester lost_and_found_information_system Affected: 1.0
        cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lost_and_found_information_system",
                "vendor": "sourcecodester",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37859",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T19:39:42.516374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-30T19:42:49.484Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:57:39.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sourcecodester.com/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://lost.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/179081/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T18:55:38.221Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.sourcecodester.com/"
            },
            {
              "url": "http://lost.com"
            },
            {
              "url": "https://packetstormsecurity.com/files/179081/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-37859",
        "datePublished": "2024-07-29T00:00:00.000Z",
        "dateReserved": "2024-06-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T03:57:39.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37857 (GCVE-0-2024-37857)

    Vulnerability from cvelistv5 – Published: 2024-07-29 00:00 – Updated: 2024-08-02 03:57
    VLAI
    Summary
    SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    sourcecodester lost_and_found_information_system Affected: 1.0
        cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lost_and_found_information_system",
                "vendor": "sourcecodester",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37857",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T19:38:42.364523Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-30T19:38:51.612Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:57:39.796Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sourcecodester.com/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://lost.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/179080/Lost-And-Found-Information-System-1.0-SQL-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T18:59:08.907Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.sourcecodester.com/"
            },
            {
              "url": "http://lost.com"
            },
            {
              "url": "https://packetstormsecurity.com/files/179080/Lost-And-Found-Information-System-1.0-SQL-Injection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-37857",
        "datePublished": "2024-07-29T00:00:00.000Z",
        "dateReserved": "2024-06-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T03:57:39.796Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37856 (GCVE-0-2024-37856)

    Vulnerability from cvelistv5 – Published: 2024-07-29 00:00 – Updated: 2024-10-30 19:32
    VLAI
    Summary
    Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37856",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T13:55:56.392088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T19:32:48.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:57:39.837Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sourcecodester.com/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://lost.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/179078/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T19:04:00.205Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.sourcecodester.com/"
            },
            {
              "url": "http://lost.com"
            },
            {
              "url": "https://packetstormsecurity.com/files/179078/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-37856",
        "datePublished": "2024-07-29T00:00:00.000Z",
        "dateReserved": "2024-06-10T00:00:00.000Z",
        "dateUpdated": "2024-10-30T19:32:48.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37858 (GCVE-0-2024-37858)

    Vulnerability from cvelistv5 – Published: 2024-07-29 00:00 – Updated: 2024-08-02 03:57
    VLAI
    Summary
    SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    lost_and_found_information_system_project lost_and_found_information_system Affected: 1.0
        cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lost_and_found_information_system",
                "vendor": "lost_and_found_information_system_project",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37858",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T14:24:53.823898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-30T14:27:40.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:57:39.864Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sourcecodester.com/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://lost.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/179079/Lost-And-Found-Information-System-1.0-SQL-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T19:01:23.071Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.sourcecodester.com/"
            },
            {
              "url": "http://lost.com"
            },
            {
              "url": "https://packetstormsecurity.com/files/179079/Lost-And-Found-Information-System-1.0-SQL-Injection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-37858",
        "datePublished": "2024-07-29T00:00:00.000Z",
        "dateReserved": "2024-06-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T03:57:39.864Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33676 (GCVE-0-2023-33676)

    Vulnerability from cvelistv5 – Published: 2024-03-07 00:00 – Updated: 2024-08-16 16:57
    VLAI
    Summary
    Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*" which can be escalated to the remote command execution.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    sourcecodester lost_and_found_information_system Affected: 1.0
        cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:47:06.767Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ASR511-OO7/CVE-2023-33676/blob/main/CVE-30"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lost_and_found_information_system",
                "vendor": "sourcecodester",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33676",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-07T16:36:51.474443Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-16T16:57:17.026Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sourcecodester Lost and Found Information System\u0027s Version 1.0 is vulnerable to unauthenticated SQL Injection at \"?page=items/view\u0026id=*\" which can be escalated to the remote command execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-07T08:47:30.428Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/ASR511-OO7/CVE-2023-33676/blob/main/CVE-30"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-33676",
        "datePublished": "2024-03-07T00:00:00.000Z",
        "dateReserved": "2023-05-22T00:00:00.000Z",
        "dateUpdated": "2024-08-16T16:57:17.026Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33677 (GCVE-0-2023-33677)

    Vulnerability from cvelistv5 – Published: 2024-03-06 00:00 – Updated: 2024-08-28 18:42
    VLAI
    Summary
    Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    sourcecodester lost_and_found_information_system Affected: 1.0
        cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:47:06.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://wwwsourcecodestercom.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ASR511-OO7/CVE-2023-33677/blob/main/CVE-29"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sourcecodester:lost_and_found_information_system:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lost_and_found_information_system",
                "vendor": "sourcecodester",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33677",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-06T16:24:55.573245Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T18:42:12.883Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sourcecodester Lost and Found Information System\u0027s Version 1.0 is vulnerable to unauthenticated SQL Injection at \"?page=items/view\u0026id=*\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-06T00:26:49.916Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://wwwsourcecodestercom.com"
            },
            {
              "url": "https://github.com/ASR511-OO7/CVE-2023-33677/blob/main/CVE-29"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-33677",
        "datePublished": "2024-03-06T00:00:00.000Z",
        "dateReserved": "2023-05-22T00:00:00.000Z",
        "dateUpdated": "2024-08-28T18:42:12.883Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38965 (GCVE-0-2023-38965)

    Vulnerability from cvelistv5 – Published: 2023-11-03 00:00 – Updated: 2025-11-11 17:02
    VLAI
    Summary
    Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.827Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38965",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T14:55:19.807076Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T14:55:48.890Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-11T17:02:36.956Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt"
            },
            {
              "url": "http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html"
            },
            {
              "url": "https://www.exploit-db.com/exploits/51795"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38965",
        "datePublished": "2023-11-03T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2025-11-11T17:02:36.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5018 (GCVE-0-2023-5018)

    Vulnerability from cvelistv5 – Published: 2023-09-17 03:31 – Updated: 2024-08-02 07:44
    VLAI
    Title
    SourceCodester Lost and Found Information System POST Parameter sql injection
    Summary
    A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.239859 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.239859 signature
    Impacted products
    Credits
    p1taya (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5018",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-11T19:26:14.897432Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-11T19:26:22.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:53.511Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.239859"
              },
              {
                "tags": [
                  "signature",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.239859"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "POST Parameter Handler"
              ],
              "product": "Lost and Found Information System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "p1taya (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in SourceCodester Lost and Found Information System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /classes/Master.php?f=save_category der Komponente POST Parameter Handler. Durch Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:36:32.432Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.239859"
            },
            {
              "tags": [
                "signature"
              ],
              "url": "https://vuldb.com/?ctiid.239859"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-09-16T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-09-16T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-09-16T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-10-12T14:20:07.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Lost and Found Information System POST Parameter sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-5018",
        "datePublished": "2023-09-17T03:31:04.553Z",
        "dateReserved": "2023-09-16T07:01:48.882Z",
        "dateUpdated": "2024-08-02T07:44:53.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36159 (GCVE-0-2023-36159)

    Vulnerability from cvelistv5 – Published: 2023-08-03 00:00 – Updated: 2024-10-17 16:16
    VLAI
    Summary
    Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:41.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://lost.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cyberredteam.tech/posts/cve-2023-36159/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36159",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T16:16:37.375259Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T16:16:47.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-09T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html"
            },
            {
              "url": "http://lost.com"
            },
            {
              "url": "https://cyberredteam.tech/posts/cve-2023-36159/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-36159",
        "datePublished": "2023-08-03T00:00:00.000Z",
        "dateReserved": "2023-06-21T00:00:00.000Z",
        "dateUpdated": "2024-10-17T16:16:47.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3850 (GCVE-0-2023-3850)

    Vulnerability from cvelistv5 – Published: 2023-07-23 10:00 – Updated: 2024-08-02 07:08
    VLAI
    Title
    SourceCodester Lost and Found Information System HTTP POST Request sql injection
    Summary
    A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.235201 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.235201 signature
    Impacted products
    Credits
    Smallblack (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.235201"
              },
              {
                "tags": [
                  "signature",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.235201"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP POST Request Handler"
              ],
              "product": "Lost and Found Information System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "Smallblack (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "In SourceCodester Lost and Found Information System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /classes/Master.php?f=delete_category der Komponente HTTP POST Request Handler. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T06:42:51.724Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.235201"
            },
            {
              "tags": [
                "signature"
              ],
              "url": "https://vuldb.com/?ctiid.235201"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-07-22T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-07-22T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-08-16T08:26:53.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Lost and Found Information System HTTP POST Request sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3850",
        "datePublished": "2023-07-23T10:00:05.905Z",
        "dateReserved": "2023-07-22T18:28:43.333Z",
        "dateUpdated": "2024-08-02T07:08:50.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3680 (GCVE-0-2023-3680)

    Vulnerability from cvelistv5 – Published: 2023-07-15 09:00 – Updated: 2024-08-02 07:01
    VLAI
    Title
    SourceCodester Lost and Found Information System HTTP POST Request sql injection
    Summary
    A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-234225 was assigned to this vulnerability.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.234225 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.234225 signature
    Impacted products
    Credits
    ZFLY (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:01:57.516Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.234225"
              },
              {
                "tags": [
                  "signature",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.234225"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP POST Request Handler"
              ],
              "product": "Lost and Found Information System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "ZFLY (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-234225 was assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in SourceCodester Lost and Found Information System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /classes/Master.php?f=save_item der Komponente HTTP POST Request Handler. Mit der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T15:16:10.176Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.234225"
            },
            {
              "tags": [
                "signature"
              ],
              "url": "https://vuldb.com/?ctiid.234225"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-15T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-07-15T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-07-15T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-08-06T09:04:53.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Lost and Found Information System HTTP POST Request sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3680",
        "datePublished": "2023-07-15T09:00:05.039Z",
        "dateReserved": "2023-07-15T07:34:40.440Z",
        "dateUpdated": "2024-08-02T07:01:57.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3679 (GCVE-0-2023-3679)

    Vulnerability from cvelistv5 – Published: 2023-07-15 08:31 – Updated: 2024-08-02 07:01
    VLAI
    Title
    SourceCodester Lost and Found Information System HTTP POST Request sql injection
    Summary
    A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234224.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.234224 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.234224 signature
    Impacted products
    Credits
    Tritium (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:01:57.366Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.234224"
              },
              {
                "tags": [
                  "signature",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.234224"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP POST Request Handler"
              ],
              "product": "Lost and Found Information System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "Tritium (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234224."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in SourceCodester Lost and Found Information System 1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /classes/Master.php?f=save_inquiry der Komponente HTTP POST Request Handler. Dank Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T15:14:56.890Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.234224"
            },
            {
              "tags": [
                "signature"
              ],
              "url": "https://vuldb.com/?ctiid.234224"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-15T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-07-15T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-07-15T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-08-06T09:02:19.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Lost and Found Information System HTTP POST Request sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3679",
        "datePublished": "2023-07-15T08:31:03.079Z",
        "dateReserved": "2023-07-15T07:32:46.367Z",
        "dateUpdated": "2024-08-02T07:01:57.366Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33592 (GCVE-0-2023-33592)

    Vulnerability from cvelistv5 – Published: 2023-06-28 00:00 – Updated: 2024-11-27 15:03
    VLAI
    Summary
    Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:47:06.424Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/DARSHANAGUPTA10/CVE/blob/main/CVE-2023-33592"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/173331/Lost-And-Found-Information-System-1.0-SQL-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33592",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-27T15:03:44.966918Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-27T15:03:54.676Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html"
            },
            {
              "url": "https://github.com/DARSHANAGUPTA10/CVE/blob/main/CVE-2023-33592"
            },
            {
              "url": "http://packetstormsecurity.com/files/173331/Lost-And-Found-Information-System-1.0-SQL-Injection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-33592",
        "datePublished": "2023-06-28T00:00:00.000Z",
        "dateReserved": "2023-05-22T00:00:00.000Z",
        "dateUpdated": "2024-11-27T15:03:54.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3177 (GCVE-0-2023-3177)

    Vulnerability from cvelistv5 – Published: 2023-06-09 06:00 – Updated: 2024-11-22 15:36
    VLAI
    Title
    SourceCodester Lost and Found Information System view_inquiry.php sql injection
    Summary
    A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.231151 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.231151 signaturepermissions-required
    https://github.com/AnotherN/cvv/blob/main/imgs/Lo… exploit
    Impacted products
    Credits
    hu faxiang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.783Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.231151"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.231151"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-admininquiriesview_inquiryphp"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3177",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T15:36:47.836140Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T15:36:59.661Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Lost and Found Information System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "hu faxiang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\\inquiries\\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151."
            },
            {
              "lang": "de",
              "value": "In SourceCodester Lost and Found Information System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei admin\\inquiries\\view_inquiry.php. Durch Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T13:00:15.427Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.231151"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.231151"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-admininquiriesview_inquiryphp"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-06-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-06-09T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-06-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-07-07T16:45:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Lost and Found Information System view_inquiry.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3177",
        "datePublished": "2023-06-09T06:00:04.330Z",
        "dateReserved": "2023-06-09T05:24:42.143Z",
        "dateUpdated": "2024-11-22T15:36:59.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3176 (GCVE-0-2023-3176)

    Vulnerability from cvelistv5 – Published: 2023-06-09 05:31 – Updated: 2024-08-02 06:48
    VLAI
    Title
    SourceCodester Lost and Found Information System manage_user.php sql injection
    Summary
    A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.231150 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.231150 signaturepermissions-required
    https://github.com/AnotherN/cvv/blob/main/imgs/Lo… exploit
    Impacted products
    Credits
    hu faxiang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.048Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.231150"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.231150"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#7sql-injection-vulnerability-in-adminusermanage_userphp"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Lost and Found Information System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "hu faxiang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\\user\\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in SourceCodester Lost and Found Information System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei admin\\user\\manage_user.php. Durch das Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T12:59:01.178Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.231150"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.231150"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#7sql-injection-vulnerability-in-adminusermanage_userphp"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-06-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-06-09T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-06-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-07-07T16:30:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Lost and Found Information System manage_user.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3176",
        "datePublished": "2023-06-09T05:31:03.360Z",
        "dateReserved": "2023-06-09T05:24:40.068Z",
        "dateUpdated": "2024-08-02T06:48:08.048Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }