Page 3 of 19 results (0.002 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=. Simple Client Management System versión 1.0, es vulnerable a una inyección SQL por medio de /cms/admin/?page=invoice/view_invoice&id= • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/simple-client-management-system/SQLi-10.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=. Simple Client Management System versión 1.0, es vulnerable a una inyección SQL por medio de /cms/admin/?page=client/view_client&id= • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/simple-client-management-system/SQLi-11.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0

A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. Se presenta una vulnerabilidad de Ejecución de Código Remota (RCE) en Simple Client Management System versión 1.0, en el archivo create.php debido a que no es comprobada la extensión del archivo que es enviada en una petición • https://www.exploit-db.com/exploits/50094 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php. Se presenta una vulnerabilidad de inyección SQL en Sourcecodester Simple Client Management System versión 1.0, por medio del parámetro password en el archivo Login.php • https://raw.githubusercontent.com/Sentinal920/Findings/main/Simple%20Client%20Management%20System/sql.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice. Se presentan múltiples vulnerabilidades de tipo Cross Site Scripting (XSS) en Ssourcecodester Simple Client Management System v1 por medio de (1) Add new Client y (2) Add new invoice • https://raw.githubusercontent.com/Sentinal920/Findings/main/Simple%20Client%20Management%20System/xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •