10 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in SourceCodester Stock Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/CveSecLook/cve/issues/43 https://vuldb.com/?ctiid.267457 https://vuldb.com/?id.267457 https://vuldb.com/?submit.352337 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php. Sourcecodester Stock Management System v1.0 es vulnerable a la inyección SQL a través de editCategories.php. • https://github.com/CveSecLook/cve/issues/42 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester Stock Management System 1.0. It has been classified as critical. Affected is an unknown function of the file createBrand.php. The manipulation of the argument brandName leads to sql injection. It is possible to launch the attack remotely. • https://github.com/HaojianWang/cve/issues/1 https://vuldb.com/?ctiid.266586 https://vuldb.com/?id.266586 https://vuldb.com/?submit.345714 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file. Vulnerabilidad de inyección SQL en Stock Management System 1.0 permite a un atacante remoto ejecutar código arbitrario a través del parámetro id en el archivo manage_bo.php. Stock Management System version 1.0 suffers from a remote SQL injection vulnerability. • https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2023-004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of the argument Category Name/Category Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/drive/folders/17JTwjuT09q7he_oXkMtZS5jyyXw8ZIgg?usp=sharing https://vuldb.com/?ctiid.252203 https://vuldb.com/?id.252203 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •