CVE-2023-50035
https://notcve.org/view.php?id=CVE-2023-50035
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because the "password" parameter is used directly in the SQL query without any sanitization, so the SQL Injection payload is executed. • https://github.com/hackerhijeck/Exploited/blob/main/Small_CRM/SQL-Injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45394
https://notcve.org/view.php?id=CVE-2023-45394
Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" section of Small CRM v3.0 allows an attacker to store and execute malicious JavaScript code in the Admin panel, which leads to Admin account takeover. • https://github.com/kartik753/CVE/blob/main/CVE-2023-45394 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-44075
https://notcve.org/view.php?id=CVE-2023-44075
Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter. • https://github.com/TheKongV/CVE/blob/main/CVE-2023-44075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-43331
https://notcve.org/view.php?id=CVE-2023-43331
A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. • https://github.com/Kartikhunter/CVE/blob/main/CVE-2023-43331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-34650
https://notcve.org/view.php?id=CVE-2023-34650
PHPGurukul Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS). • https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34650 • https://phpgurukul.com/small-crm-php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')