CVE-2024-7947 – SourceCodester Point of Sales and Inventory Management System login.php SQL injection
https://notcve.org/view.php?id=CVE-2024-7947
A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/CveSecLook/cve/issues/60 https://vuldb.com/?ctiid.275139 https://vuldb.com/?id.275139 https://vuldb.com/?submit.393525
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-7075 – code-projects Point of Sales and Inventory Management System checkout.php cross-site scripting
https://notcve.org/view.php?id=CVE-2023-7075
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/Glunko/vulnerability/blob/main/Point-of-Sales-And-Inventory-Management-System.md https://vuldb.com/?ctiid.248846 https://vuldb.com/?id.248846
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')