CVE-2021-28000
https://notcve.org/view.php?id=CVE-2021-28000
A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields.
• https://tusharvaidya16.medium.com/local-services-search-engine-management-system-project-lssmes-1-0-af2cae7cbbf
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-27999
https://notcve.org/view.php?id=CVE-2021-27999
A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database.
• https://medium.com/%40tusharvaidya16/authenticated-blind-error-based-sql-injection-on-local-services-search-engine-management-system-3e99779f0850
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-3278 – Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass
https://notcve.org/view.php?id=CVE-2021-3278
Local Service Search Engine Management System 1.0 has an authentication bypass vulnerability through SQL injection. Using this vulnerability, an attacker can bypass the login page. Local Service Search Engine Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
• https://www.exploit-db.com/exploits/49163
• http://packetstormsecurity.com/files/162919/Local-Service-Search-Engine-Management-System-1.0-SQL-Injection.html
• https://www.sourcecodester.com/php/14607/local-service-search-engine-management-system-using-phpmysqli-source-code.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')