CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-39707
https://notcve.org/view.php?id=CVE-2023-39707
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section. • https://github.com/Arajawat007/CVE-2023-39707 https://gist.github.com/Arajawat007/b94d7ce74fcf16014e282a9b525f4555#file-cve-2023-39707 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4449 – SourceCodester Free and Open Source Inventory Management System sql injection
https://notcve.org/view.php?id=CVE-2023-4449
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php?page=member. The manipulation of the argument columns[0][data] leads to sql injection. • https://github.com/Jacky-Y/vuls/blob/main/README.md https://vuldb.com/?ctiid.237570 https://vuldb.com/?id.237570 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4438 – SourceCodester Inventory Management System search_sales_report.php sql injection
https://notcve.org/view.php?id=CVE-2023-4438
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/PUBLIC%20CVE%20HUB/Free%20and%20Open%20Source%20inventory%20management%20system%20-%20vuln%203.pdf https://vuldb.com/?ctiid.237559 https://vuldb.com/?id.237559 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4437 – SourceCodester Inventory Management System search_sell_paymen_report.php sql injection
https://notcve.org/view.php?id=CVE-2023-4437
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_sell_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/PUBLIC%20CVE%20HUB/Free%20and%20Open%20Source%20inventory%20management%20system%20-%20vuln%202.pdf https://vuldb.com/?ctiid.237558 https://vuldb.com/?id.237558 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4436 – SourceCodester Inventory Management System edit_update.php sql injection
https://notcve.org/view.php?id=CVE-2023-4436
A vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/edit_update.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/PUBLIC%20CVE%20HUB/Free%20and%20Open%20Source%20inventory%20management%20system%20-%20vuln%201.pdf https://vuldb.com/?ctiid.237557 https://vuldb.com/?id.237557 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •