
CVE-2024-5515 – SourceCodester Stock Management System createBrand.php SQL injection
https://notcve.org/view.php?id=CVE-2024-5515
30 May 2024 — A vulnerability was found in SourceCodester Stock Management System 1.0. It has been classified as critical. Affected is an unknown function of the file createBrand.php. The manipulation of the argument brandName leads to SQL injection. It is possible to launch the attack remotely. • https://github.com/HaojianWang/cve/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-51951 – Stock Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2023-51951
05 Feb 2024 — SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file. Stock Management System version 1.0 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/178039 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-0958 – CodeAstro Stock Management System Add Category index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-0958
27 Jan 2024 — A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of the argument Category Name/Category Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/drive/folders/17JTwjuT09q7he_oXkMtZS5jyyXw8ZIgg?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-44114
https://notcve.org/view.php?id=CVE-2021-44114
31 Jan 2022 — A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to perform arbitrary remote code execution via the create user function. • https://medium.com/%40mayhem7999/cve-2021-44114-957145c1773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-24198
https://notcve.org/view.php?id=CVE-2020-24198
09 Sep 2020 — A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' • https://cxsecurity.com/issue/WLB-2020090024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-24197
https://notcve.org/view.php?id=CVE-2020-24197
09 Sep 2020 — A SQL injection vulnerability in the login component in Stock Management System v1.0 allows a remote attacker to execute arbitrary SQL commands via the username parameter. • https://cxsecurity.com/issue/WLB-2020090028 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2020-23830
https://notcve.org/view.php?id=CVE-2020-23830
02 Sep 2020 — A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site. • https://www.exploit-db.com/exploits/48783 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2020-23831
https://notcve.org/view.php?id=CVE-2020-23831
01 Sep 2020 — A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials. • https://github.com/boku7/StockManagement-XSS-Login-CredHarvester • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')