CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4555 – SourceCodester Inventory Management System suppliar_data.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-4555
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file suppliar_data.php. The manipulation of the argument name/company leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/Inventory-Management-System-XSS.md https://vuldb.com/?ctiid.238153 https://vuldb.com/?id.238153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4449 – SourceCodester Free and Open Source Inventory Management System sql injection
https://notcve.org/view.php?id=CVE-2023-4449
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php?page=member. The manipulation of the argument columns[0][data] leads to sql injection. • https://github.com/Jacky-Y/vuls/blob/main/README.md https://vuldb.com/?ctiid.237570 https://vuldb.com/?id.237570 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4438 – SourceCodester Inventory Management System search_sales_report.php sql injection
https://notcve.org/view.php?id=CVE-2023-4438
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/PUBLIC%20CVE%20HUB/Free%20and%20Open%20Source%20inventory%20management%20system%20-%20vuln%203.pdf https://vuldb.com/?ctiid.237559 https://vuldb.com/?id.237559 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4437 – SourceCodester Inventory Management System search_sell_paymen_report.php sql injection
https://notcve.org/view.php?id=CVE-2023-4437
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_sell_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/PUBLIC%20CVE%20HUB/Free%20and%20Open%20Source%20inventory%20management%20system%20-%20vuln%202.pdf https://vuldb.com/?ctiid.237558 https://vuldb.com/?id.237558 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4436 – SourceCodester Inventory Management System edit_update.php sql injection
https://notcve.org/view.php?id=CVE-2023-4436
A vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/edit_update.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/PUBLIC%20CVE%20HUB/Free%20and%20Open%20Source%20inventory%20management%20system%20-%20vuln%201.pdf https://vuldb.com/?ctiid.237557 https://vuldb.com/?id.237557 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •