CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46581
https://notcve.org/view.php?id=CVE-2023-46581
SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component. Vulnerabilidad de inyección SQL en Inventory Management v.1.0 permite a un atacante local ejecutar código arbitrario a través de los parámetros name, uname y email electrónico en el componente registration.php. • https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0/blob/main/CVE-2023-46581-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46580
https://notcve.org/view.php?id=CVE-2023-46580
Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component. La vulnerabilidad de Cross-Site Scripting (XSS) en Inventory Management V1.0 permite a atacantes ejecutar código arbitrario a través del parámetro pname del componente editProduct.php. • https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0/blob/main/CVE-2023-46580-Code-Projects-Inventory-Management-1.0-Stored-Cross-Site-Scripting-Vulnerability.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •