CVE-2023-5021 – SourceCodester AC Repair and Services System cross site scripting
https://notcve.org/view.php?id=CVE-2023-5021
A vulnerability, which was classified as problematic, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file admin/?page=system_info/contact_information. The manipulation of the argument telephone/mobile/address leads to cross site scripting. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.239862 https://vuldb.com/?id.239862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-3678 – SourceCodester AC Repair and Services System HTTP POST Request sql injection
https://notcve.org/view.php?id=CVE-2023-3678
A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. • https://vuldb.com/?ctiid.234223 https://vuldb.com/?id.234223 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-3661 – SourceCodester AC Repair and Services System sql injection
https://notcve.org/view.php?id=CVE-2023-3661
A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. • https://vuldb.com/?ctiid.234015 https://vuldb.com/?id.234015 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-3659 – SourceCodester AC Repair and Services System cross site scripting
https://notcve.org/view.php?id=CVE-2023-3659
A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=user/manage_user. The manipulation of the argument firstname/middlename leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?ctiid.234013 https://vuldb.com/?id.234013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-3658 – SourceCodester AC Repair and Services System HTTP POST Request sql injection
https://notcve.org/view.php?id=CVE-2023-3658
A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file Master.php?f=delete_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.234012 https://vuldb.com/?id.234012 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •