Schnee

#9326of 53,624
29.4Total CVSS
Vulnerabilities · 3
Critical
3
PT-2024-34246
9.8
2024-05-17
Unknown · Sourcecodester Student Management System · CVE-2024-5047
Name of the Vulnerable Software and Affected Versions: SourceCodester Student Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /student/controller.php. The manipulation of the `photo` argument leads to unrestricted upload. It is possible to launch the attack remotely. Recommendations: For SourceCodester Student Management System version 1.0, consider restricting access to the /student/controller.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `photo` argument in the affected function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2024-33348
9.8
2024-05-16
Sourcecodester · Sourcecodester Employee/Visitor Gate Pass Logging System · CVE-2024-4921
**Name of the Vulnerable Software and Affected Versions** SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 **Description** A critical vulnerability has been found in the system, affecting an unknown function of the file /employee gatepass/classes/Users.php?f=ssave. The manipulation of the `img` argument leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, patch the system immediately and validate input sanitization to prevent unrestricted upload. As a temporary workaround, consider restricting access to the /employee gatepass/classes/Users.php file to minimize the risk of exploitation. Avoid using the `img` argument in the affected file until the issue is resolved.
PT-2024-32324
9.8
2024-05-10
D Link · D-Link Dar-8000-10 · CVE-2024-4699
**Name of the Vulnerable Software and Affected Versions** D-Link DAR-8000-10 up to 20230922 **Description** A critical issue has been found in the processing of the file /importhtml.php, where the manipulation of the `sql` argument leads to deserialization. This issue can be exploited remotely. The product is end-of-life and should be retired and replaced. **Recommendations** For D-Link DAR-8000-10 up to 20230922, the recommended course of action is to retire and replace the product, as it is no longer supported by the maintainer.