CVE-2023-46580
https://notcve.org/view.php?id=CVE-2023-46580
Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component.
• https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0/blob/main/CVE-2023-46580-Code-Projects-Inventory-Management-1.0-Stored-Cross-Site-Scripting-Vulnerability.md
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-46581
https://notcve.org/view.php?id=CVE-2023-46581
SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component.
• https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0/blob/main/CVE-2023-46581-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46022 – Blood Bank 1.0 - 'bid' SQLi
https://notcve.org/view.php?id=CVE-2023-46022
SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter. Blood Bank version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Nitin Sharma in October of 2021.
• https://www.exploit-db.com/exploits/51912
• https://github.com/ersinerenler/CVE-2023-46022-Code-Projects-Blood-Bank-1.0-OOB-SQL-Injection-Vulnerability
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46021
https://notcve.org/view.php?id=CVE-2023-46021
SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary commands via the 'reqid' parameter.
• https://github.com/ersinerenler/CVE-2023-46021-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46016
https://notcve.org/view.php?id=CVE-2023-46016
Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'search' parameter in the application URL.
• https://github.com/ersinerenler/CVE-2023-46016-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')