Filtered by vendor Kashipara Subscriptions
Filtered by product Online Notice Board System Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-12233 2 Fabianros, Kashipara 2 Online Notice Board, Online Notice Board System 2024-12-11 7.3 High
A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-50760 1 Kashipara 1 Online Notice Board System 2024-11-21 8.8 High
Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
CVE-2023-50753 1 Kashipara 1 Online Notice Board System 2024-11-21 9.8 Critical
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50752 1 Kashipara 1 Online Notice Board System 2024-11-21 9.8 Critical
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50743 1 Kashipara 1 Online Notice Board System 2024-11-21 9.8 Critical
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database.