208 results (0.000 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /fornecedores.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/13u11erFly/cve/blob/main/xss.md https://vuldb.com/?ctiid.284717 https://vuldb.com/?id.284717 https://vuldb.com/?submit.443398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in code-projects Inventory Management up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /model/editProduct.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. • https://code-projects.org https://github.com/sh3rl0ckpggp/0day/blob/main/inventory-management_authenticated_sqli.md https://vuldb.com/?ctiid.284686 https://vuldb.com/?id.284686 https://vuldb.com/?submit.443272 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/curry136/cve/blob/main/xss8.md https://vuldb.com/?ctiid.284682 https://vuldb.com/?id.284682 https://vuldb.com/?submit.443189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/WEFNNTT/cve/blob/main/sql.md https://vuldb.com/?ctiid.284681 https://vuldb.com/?id.284681 https://vuldb.com/?submit.443188 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as critical was found in code-projects Farmacia 1.0. This vulnerability affects unknown code of the file /editar-cliente.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/zsx020121/cve/blob/main/sql.md https://vuldb.com/?ctiid.284680 https://vuldb.com/?id.284680 https://vuldb.com/?submit.443177 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •