CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1988 – SourceCodester Online Computer and Laptop Store cross site scripting
https://notcve.org/view.php?id=CVE-2023-1988
11 Apr 2023 — A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=maintenance/brand. The manipulation of the argument Brand Name leads to cross site scripting. The attack may be launched remotely. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/5-%20There%20is%20a%20storage%20type%20cross%20site%20scripting%20attack%20at%20the%20brand%20name.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1987 – SourceCodester Online Computer and Laptop Store update_order_status sql injection
https://notcve.org/view.php?id=CVE-2023-1987
11 Apr 2023 — A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is the function update_order_status of the file /classes/Master.php?f=update_order_status. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/4-SQL%20injection%20present%20at%20order%20status%20update.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1986 – SourceCodester Online Computer and Laptop Store delete_order sql injection
https://notcve.org/view.php?id=CVE-2023-1986
11 Apr 2023 — A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function delete_order of the file /classes/master.php?f=delete_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/3-SQL%20injection%20exists%20at%20order%20deletion%20point.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1985 – SourceCodester Online Computer and Laptop Store save_brand sql injection
https://notcve.org/view.php?id=CVE-2023-1985
11 Apr 2023 — A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. This issue affects the function save_brand of the file /classes/Master.php?f=save_brand. The manipulation of the argument name leads to sql injection. The attack may be initiated remotely. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/1-SQL%20injection%20exists%20at%20the%20location%20where%20the%20brand%20list%20is%20added.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1961 – SourceCodester Online Computer and Laptop Store cross site scripting
https://notcve.org/view.php?id=CVE-2023-1961
08 Apr 2023 — A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/Cross%20site%20scripting%20attack%20at%20system%20name%20setting.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1960 – SourceCodester Online Computer and Laptop Store sql injection
https://notcve.org/view.php?id=CVE-2023-1960
08 Apr 2023 — A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/SQL%20injection%20exists%20at%20the%20deletion%20point%20of%20the%20category%20list.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1959 – SourceCodester Online Computer and Laptop Store sql injection
https://notcve.org/view.php?id=CVE-2023-1959
08 Apr 2023 — A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/SQL%20injection%20exists%20at%20the%20newly%20added%20category%20list.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1958 – SourceCodester Online Computer and Laptop Store sql injection
https://notcve.org/view.php?id=CVE-2023-1958
08 Apr 2023 — A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/SQL%20injection%20present%20at%20subcategory%20deletion.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1957 – SourceCodester Online Computer and Laptop Store Subcategory sql injection
https://notcve.org/view.php?id=CVE-2023-1957
08 Apr 2023 — A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_sub_category of the component Subcategory Handler. The manipulation of the argument sub_category leads to sql injection. The attack may be launched remotely. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/SQL%20injection%20exists%20at%20the%20newly%20added%20subcategory%20list.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1956 – SourceCodester Online Computer and Laptop Store Image path traversal
https://notcve.org/view.php?id=CVE-2023-1956
08 Apr 2023 — A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/Any%20file%20deletion%20exists%20in%20the%20system%20management%20department.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •