CVE-2024-8560 – SourceCodester Simple Invoice Generator System save_invoice.php sql injection
https://notcve.org/view.php?id=CVE-2024-8560
A vulnerability, which was classified as critical, was found in SourceCodester Simple Invoice Generator System 1.0. Affected is an unknown function of the file /save_invoice.php. The manipulation of the argument invoice_code/customer/cashier/total_amount/discount_percentage/discount_amount/tendered_amount leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.276780 https://vuldb.com/?id.276780 https://vuldb.com/?submit.403629 https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-6650 – SourceCodester Simple Invoice Generator System login.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-6650
A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic. This issue affects some unknown processing of the file login.php. The manipulation of the argument cashier leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/x1280/CVE/blob/main/Cross-site%20Scriping_cashier.md https://vuldb.com/?ctiid.247343 https://vuldb.com/?id.247343 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •