CVE-2023-6775 – CodeAstro POS and Inventory Management System item_con cross site scripting
https://notcve.org/view.php?id=CVE-2023-6775
A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /item/item_con. The manipulation of the argument item_name leads to cross site scripting. It is possible to initiate the attack remotely. • https://drive.google.com/drive/folders/12llrfm5nmsbNexeyAroB6nL5yjqAYL8T?usp=sharing https://vuldb.com/?ctiid.247911 https://vuldb.com/?id.247911 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-6774 – CodeAstro POS and Inventory Management System register_account cross site scripting
https://notcve.org/view.php?id=CVE-2023-6774
A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /accounts_con/register_account. The manipulation of the argument Username with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/drive/folders/1wnrdIuBhZh5ia9Q61b_V_72eIaHsX-B1?usp=sharing https://vuldb.com/?ctiid.247910 https://vuldb.com/?id.247910 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-6773 – CodeAstro POS and Inventory Management System User Creation register_account access control
https://notcve.org/view.php?id=CVE-2023-6773
A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /accounts_con/register_account of the component User Creation Handler. The manipulation of the argument account_type with the input Admin leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/drive/folders/1yuc1n6tr57wD8qsT0HAFDVAuii7iibDM?usp=sharing https://vuldb.com/?ctiid.247909 https://vuldb.com/?id.247909 • CWE-284: Improper Access Control •
CVE-2022-43085
https://notcve.org/view.php?id=CVE-2022-43085
An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Una vulnerabilidad de carga de archivos arbitrarios en add_product.php de Restaurant POS System v1.0 permite a atacantes ejecutar código arbitrario a través de un archivo PHP manipulado. • https://github.com/Tr0e/CVE_Hunter/blob/main/RCE-3.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-43086
https://notcve.org/view.php?id=CVE-2022-43086
Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php. Se descubrió que Restaurant POS System v1.0 contenía una vulnerabilidad de inyección SQL a través de update_customer.php. • https://github.com/Tr0e/CVE_Hunter/blob/main/SQLi-4.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •