CVE-2023-33676

HIGH Year: 2023
CVSS v3 Score
8.4
High
Weakness Type
CWE-89
View all →

Vulnerability Description

Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*" which can be escalated to the remote command execution.

Related Vulnerabilities

CVE-2020-25514

HIGH
CVSS:8.4(High)

Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.

CWE-892020

CVE-2024-29828

HIGH
CVSS:8.4(High)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

CWE-892024

CVE-2024-29829

HIGH
CVSS:8.4(High)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

CWE-892024

CVE-2024-29830

HIGH
CVSS:8.4(High)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

CWE-892024

CVE-2024-29846

HIGH
CVSS:8.4(High)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

CWE-892024

CVE-2024-37381

HIGH
CVSS:8.4(High)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.

CWE-892024