CVE-2021-44114
https://notcve.org/view.php?id=CVE-2021-44114
A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to achieve arbitrary remote code execution via the create user function. • https://medium.com/%40mayhem7999/cve-2021-44114-957145c1773 https://www.sourcecodester.com/php/15023/stock-management-system-phpoop-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24198
https://notcve.org/view.php?id=CVE-2020-24198
A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' • https://cxsecurity.com/issue/WLB-2020090024 https://www.sourcecodester.com/php/14366/stock-management-system-php.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24197
https://notcve.org/view.php?id=CVE-2020-24197
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows a remote attacker to execute arbitrary SQL commands via the username parameter. • https://cxsecurity.com/issue/WLB-2020090028 https://www.sourcecodester.com/php/14366/stock-management-system-php.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-23830
https://notcve.org/view.php?id=CVE-2020-23830
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site. • https://www.exploit-db.com/exploits/48783 https://www.sourcecodester.com/php/14366/stock-management-system-php.html • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-23831
https://notcve.org/view.php?id=CVE-2020-23831
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials. • https://github.com/boku7/StockManagement-XSS-Login-CredHarvester https://packetstormsecurity.com/files/158813/Tailor-MS-1.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')