2 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/CveSecLook/cve/issues/60 https://vuldb.com/?ctiid.275139 https://vuldb.com/?id.275139 https://vuldb.com/?submit.393525 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Glunko/vulnerability/blob/main/Point-of-Sales-And-Inventory-Management-System.md https://vuldb.com/?ctiid.248846 https://vuldb.com/?id.248846 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •