CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-46450
https://notcve.org/view.php?id=CVE-2023-46450
Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. El sistema de gestión de inventario Gratuito y de Código Abierto Sourcecodester v1.0 es vulnerable a Cross Site Scripting (XSS) a través de la función Agregar proveedor. • https://github.com/yte121/-CVE-2023-46450 https://youtu.be/LQy0_xIK2q0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4749 – SourceCodester Inventory Management System index.php file inclusion
https://notcve.org/view.php?id=CVE-2023-4749
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://skypoc.wordpress.com/2023/09/03/%e3%80%90code-audit%e3%80%91open-source-ample-inventory-management-system-v1-0-by-mayuri_k-has-a-file-inclusion-vulnerability https://vuldb.com/?ctiid.238638 https://vuldb.com/?id.238638 • CWE-73: External Control of File Name or Path •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4201 – SourceCodester Inventory Management System ex_catagory_data.php sql injection
https://notcve.org/view.php?id=CVE-2023-4201
A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file ex_catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yesec/Inventory-Management-System/blob/main/SQL%20Injection%20in%20ex_catagory_data.php/vuln.md https://vuldb.com/?ctiid.236291 https://vuldb.com/?id.236291 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4200 – SourceCodester Inventory Management System product_data.php. sql injection
https://notcve.org/view.php?id=CVE-2023-4200
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file product_data.php.. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yesec/Inventory-Management-System/blob/main/SQL%20Injection%20in%20product_data.php/vuln.md https://vuldb.com/?ctiid.236290 https://vuldb.com/?id.236290 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4199 – SourceCodester Inventory Management System catagory_data.php sql injection
https://notcve.org/view.php?id=CVE-2023-4199
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yesec/Inventory-Management-System/blob/main/SQL%20Injection%20in%20catagory_data.php/vuln.md https://vuldb.com/?ctiid.236289 https://vuldb.com/?id.236289 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •