CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7105 – code-projects E-Commerce Website index_search.php sql injection
https://notcve.org/view.php?id=CVE-2023-7105
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been classified as critical. Affected is an unknown function of the file index_search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. • https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%201.md https://vuldb.com/?ctiid.249000 https://vuldb.com/?id.249000 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7075 – code-projects Point of Sales and Inventory Management System checkout.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-7075
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Glunko/vulnerability/blob/main/Point-of-Sales-And-Inventory-Management-System.md https://vuldb.com/?ctiid.248846 https://vuldb.com/?id.248846 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48078
https://notcve.org/view.php?id=CVE-2023-48078
SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter. Vulnerabilidad de inyección SQL en add.php en Simple CRUD Functionality v1.0 permite a atacantes ejecutar comandos SQL arbitrarios a través del parámetro 'title'. • https://github.com/esasadam06/Simple-CRUD-Functionality-SQLi-POC • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46582
https://notcve.org/view.php?id=CVE-2023-46582
SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id paramter in the deleteProduct.php component. Vulnerabilidad de inyección SQL en Inventory Management v.1.0 permite a un atacante local ejecutar comandos SQL arbitrarios a través del parámetro id en el componente deleteProduct.php. • https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0/blob/main/CVE-2023-46582-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46023 – Simple Task List 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2023-46023
SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter. Vulnerabilidad de inyección SQL en addTask.php en Code-Projects Simple Task List 1.0 permite a los atacantes obtener información confidencial a través del parámetro 'status'. Simple Task List version 1.0 suffers from a remote SQL injection vulnerability. • https://github.com/ersinerenler/Code-Projects-Simple-Task-List-1.0/blob/main/CVE-2023-46023-Code-Projects-Simple-Task-List-1.0-SQL-Injection-Vulnerability.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •