CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9323 – SourceCodester Inventory Management System add_staff.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-9323
A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/action/add_staff.php. The manipulation leads to cross site scripting. The attack can be launched remotely. • https://hackmd.io/@SeaWind/rySx1IbR0 https://vuldb.com/?ctiid.278827 https://vuldb.com/?id.278827 https://vuldb.com/?submit.413401 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7157 – SourceCodester Free and Open Source Inventory Management System sell_return_data.php sql injection
https://notcve.org/view.php?id=CVE-2023-7157
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /app/ajax/sell_return_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://medium.com/@heishou/inventory-management-system-sql-injection-7b955b5707eb https://vuldb.com/?ctiid.249179 https://vuldb.com/?id.249179 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7155 – SourceCodester Free and Open Source Inventory Management System edit_product.php sql injection
https://notcve.org/view.php?id=CVE-2023-7155
A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/edit_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://medium.com/@heishou/inventory-management-system-sql-injection-f6d67247c7ae https://vuldb.com/?ctiid.249177 https://vuldb.com/?id.249177 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6306 – SourceCodester Free and Open Source Inventory Management System member_data.php sql injection
https://notcve.org/view.php?id=CVE-2023-6306
A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Affected is an unknown function of the file /ample/app/ajax/member_data.php. The manipulation of the argument columns leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BigTiger2020/2023/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system/Free%20and%20Open%20Source%20inventory%20management%20system2.md https://vuldb.com/?ctiid.246132 https://vuldb.com/?id.246132 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6305 – SourceCodester Free and Open Source Inventory Management System suppliar_data.php sql injection
https://notcve.org/view.php?id=CVE-2023-6305
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file ample/app/ajax/suppliar_data.php. The manipulation of the argument columns leads to sql injection. The attack may be initiated remotely. • https://github.com/BigTiger2020/2023/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system/Free%20and%20Open%20Source%20inventory%20management%20system.md https://vuldb.com/?ctiid.246131 https://vuldb.com/?id.246131 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •