CVE-2023-1987 – SourceCodester Online Computer and Laptop Store update_order_status sql injection
https://notcve.org/view.php?id=CVE-2023-1987
A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is the function update_order_status of the file /classes/Master.php?f=update_order_status. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/4-SQL%20injection%20present%20at%20order%20status%20update.pdf https://vuldb.com/?ctiid.225535 https://vuldb.com/?id.225535 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-1986 – SourceCodester Online Computer and Laptop Store delete_order sql injection
https://notcve.org/view.php?id=CVE-2023-1986
A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function delete_order of the file /classes/master.php?f=delete_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/3-SQL%20injection%20exists%20at%20order%20deletion%20point.pdf https://vuldb.com/?ctiid.225534 https://vuldb.com/?id.225534 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-1985 – SourceCodester Online Computer and Laptop Store save_brand sql injection
https://notcve.org/view.php?id=CVE-2023-1985
A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. This issue affects the function save_brand of the file /classes/Master.php?f=save_brand. The manipulation of the argument name leads to sql injection. The attack may be initiated remotely. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/1-SQL%20injection%20exists%20at%20the%20location%20where%20the%20brand%20list%20is%20added.pdf https://vuldb.com/?ctiid.225533 https://vuldb.com/?id.225533 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-1961 – SourceCodester Online Computer and Laptop Store cross site scripting
https://notcve.org/view.php?id=CVE-2023-1961
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/Cross%20site%20scripting%20attack%20at%20system%20name%20setting.pdf https://vuldb.com/?ctiid.225348 https://vuldb.com/?id.225348 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-1960 – SourceCodester Online Computer and Laptop Store sql injection
https://notcve.org/view.php?id=CVE-2023-1960
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. • https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/SQL%20injection%20exists%20at%20the%20deletion%20point%20of%20the%20category%20list.pdf https://vuldb.com/?ctiid.225347 https://vuldb.com/?id.225347 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •