CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29983
https://notcve.org/view.php?id=CVE-2022-29983
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=. Simple Client Management System versión 1.0, es vulnerable a una inyección SQL por medio de /cms/admin/?page=invoice/view_invoice&id= • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/simple-client-management-system/SQLi-10.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29984
https://notcve.org/view.php?id=CVE-2022-29984
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=. Simple Client Management System versión 1.0, es vulnerable a una inyección SQL por medio de /cms/admin/?page=client/view_client&id= • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/simple-client-management-system/SQLi-11.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2021-43484
https://notcve.org/view.php?id=CVE-2021-43484
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. Se presenta una vulnerabilidad de Ejecución de Código Remota (RCE) en Simple Client Management System versión 1.0, en el archivo create.php debido a que no es comprobada la extensión del archivo que es enviada en una petición • https://www.exploit-db.com/exploits/50094 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43506
https://notcve.org/view.php?id=CVE-2021-43506
An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php. Se presenta una vulnerabilidad de inyección SQL en Sourcecodester Simple Client Management System versión 1.0, por medio del parámetro password en el archivo Login.php • https://raw.githubusercontent.com/Sentinal920/Findings/main/Simple%20Client%20Management%20System/sql.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43505
https://notcve.org/view.php?id=CVE-2021-43505
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice. Se presentan múltiples vulnerabilidades de tipo Cross Site Scripting (XSS) en Ssourcecodester Simple Client Management System v1 por medio de (1) Add new Client y (2) Add new invoice • https://raw.githubusercontent.com/Sentinal920/Findings/main/Simple%20Client%20Management%20System/xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •