5 results (0.009 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. Se descubrió que Simple Cold Storage Management System v1.0 contiene una vulnerabilidad de inyección SQL a través del parámetro id en /bookings/update_status.php. Simple Cold Storage Management System version 1.0 suffers from a remote SQL injection vulnerability. • http://packetstormsecurity.com/files/169605/Simple-Cold-Storage-Management-System-1.0-SQL-Injection.html https://github.com/HKD01l/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details. Se descubrió que Simple Cold Storage Management System v1.0 contiene una vulnerabilidad de inyección SQL a través del parámetro id en /admin/?page=bookings/view_details. • https://github.com/HKD01l/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /csms/admin/?page=system_info of the component Setting Handler. The manipulation of the argument System Name/System Short Name leads to cross site scripting. • https://github.com/lakshaya0557/POCs/blob/main/POC https://vuldb.com/?id.211047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=. Simple Cold Storage Management System versión v1.0, es vulnerable a una inyección SQL por medio de /csms/admin/?page=user/manage_user&id= • https://github.com/Tr0ee/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. El parámetro id en el archivo view_storage.php de Simple Cold Storage Management System versión 1.0, parece ser vulnerable a ataques de inyección SQL. Una carga útil inyecta una subconsulta SQL que llama a la función load_file de MySQL con una ruta de archivo UNC que hace referencia a una URL en un dominio externo. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CSMS-1.0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •