Page 2 of 9 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_block. The manipulation of the argument id leads to sql injection. • https://gist.github.com/topsky979/f495fd0ec7cdda5c7c6059a0b2224b64 https://vuldb.com/?ctiid.273157 https://vuldb.com/?id.273157 https://vuldb.com/?submit.381470 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. • https://gist.github.com/topsky979/d4684a6cf3ca446bb7c71c51ff6152ba https://vuldb.com/?ctiid.273156 https://vuldb.com/?id.273156 https://vuldb.com/?submit.381469 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. • https://gist.github.com/topsky979/da1899833a862fb19fcc146b6725a67b https://vuldb.com/?ctiid.273155 https://vuldb.com/?id.273155 https://vuldb.com/?submit.381468 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. • https://gist.github.com/topsky979/e2fa238262fcafdd8e301c32ee9f8e3a https://vuldb.com/?ctiid.273154 https://vuldb.com/?id.273154 https://vuldb.com/?submit.381467 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •