CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6305 – SourceCodester Free and Open Source Inventory Management System suppliar_data.php sql injection
https://notcve.org/view.php?id=CVE-2023-6305
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file ample/app/ajax/suppliar_data.php. The manipulation of the argument columns leads to sql injection. The attack may be initiated remotely. • https://github.com/BigTiger2020/2023/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system/Free%20and%20Open%20Source%20inventory%20management%20system.md https://vuldb.com/?ctiid.246131 https://vuldb.com/?id.246131 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39712
https://notcve.org/view.php?id=CVE-2023-39712
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Free and Open Source Inventory Management System v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios mediante la inyección de un payload manipulado en los parámetros Nombre, Dirección y Compañía en la sección Add New Put. • https://github.com/Arajawat007/CVE-2023-39712 https://gist.github.com/Arajawat007/836b586cfb8faeb4edbe57ff1c5dc457#file-cve-2023-39712 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-39711
https://notcve.org/view.php?id=CVE-2023-39711
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Free and Open Source Inventory Management System v1.0 permiten a los atacantes ejecutar scripts web arbitrarios o HTML mediante la inyección de un payload manipulado en los parámetros Subtotal y Paidbill en la sección Agregar nueva. • https://github.com/Arajawat007/CVE-2023-39711 https://gist.github.com/Arajawat007/1683f9640c0d62337e0bbe23569d1ea5#file-cve-2023-39711 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-39710
https://notcve.org/view.php?id=CVE-2023-39710
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Free and Open Source Inventory Management System v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios mediante la inyección de un payload manipulado en los parámetros Nombre, Dirección y Compañía en la sección Add Customer section. • https://github.com/Arajawat007/CVE-2023-39710 https://gist.github.com/Arajawat007/dc6e4dd231accf777dae30d890a4e7df#file-cve-2023-39710 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-39714
https://notcve.org/view.php?id=CVE-2023-39714
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Free and Open Source Inventory Management System v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios mediante la inyección de un payload manipulado en los parámetros Nombre, Dirección y Compañía en la sección Add New Put. • https://github.com/Arajawat007/CVE-2023-39714 https://gist.github.com/Arajawat007/141e68161014e832e30d39b1979a8a6c#file-cve-2023-39714 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •