CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7097 – code-projects Water Billing System addbill.php sql injection
https://notcve.org/view.php?id=CVE-2023-7097
A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Glunko/vulnerability/blob/main/Water-Billing-System_sql.md https://vuldb.com/?ctiid.248949 https://vuldb.com/?id.248949 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-27241
https://notcve.org/view.php?id=CVE-2023-27241
SourceCodester Water Billing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the lastname text box under the Add Client module. • https://github.com/kaikai-11/WaterBilling-System https://github.com/kaikai-11/WaterBilling-System/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30461
https://notcve.org/view.php?id=CVE-2022-30461
Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id Water-billing-management-system versión v1.0, es vulnerable a una Inyección SQL por medio de /wbms/classes/Master.php?f=delete_client, id • https://github.com/mikeccltt/wbms_bug_report/blob/main/water-billing-management-system/sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30462
https://notcve.org/view.php?id=CVE-2022-30462
Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. Water-billing-management-system versión v1.0, está afectado por: Cross Site Scripting (XSS) por medio de /wbms/classes/Users.php?f=save, firstname • https://github.com/mikeccltt/wbms_bug_report/blob/main/water-billing-management-system/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36033
https://notcve.org/view.php?id=CVE-2020-36033
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php. Una vulnerabilidad de inyección SQL en SourceCodester Water Billing System versión 1.0, por medio del parámetro id en el archivo edituser.php • https://github.com/TCSWT/Water-Billing-System • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •