CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4229 – SourceCodester Book Store Management System index.php access control
https://notcve.org/view.php?id=CVE-2022-4229
A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/lithonn/bug-report/tree/main/vendors/oretnom23/bsms_ci/broken-access-control https://vuldb.com/?ctiid.214588 https://vuldb.com/?id.214588 • CWE-284: Improper Access Control CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44097
https://notcve.org/view.php?id=CVE-2022-44097
Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. Se descubrió que Book Store Management System v1.0 contenía credenciales codificadas que permiten a los atacantes escalar privilegios y acceder al panel de administración. • https://github.com/upasvi/CVE-/issues/2 • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45225
https://notcve.org/view.php?id=CVE-2022-45225
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. Se descubrió que Book Store Management System v1.0 contenía una vulnerabilidad de Cross-Site Scripting (XSS) en /bsms_ci/index.php/book. Esta vulnerabilidad permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload inyectado en el parámetro book_title. • https://medium.com/%40just0rg/book-store-management-system-1-0-unrestricted-input-leads-to-xss-74506d42492e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3452 – SourceCodester Book Store Management System category.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-3452
A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument category_name leads to cross site scripting. The attack can be initiated remotely. • https://vuldb.com/?id.210436 • CWE-707: Improper Neutralization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3453 – SourceCodester Book Store Management System transcation.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-3453
A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /transcation.php. The manipulation of the argument buyer_name leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?id.210437 • CWE-707: Improper Neutralization •