6 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The attack can be initiated remotely. • https://docs.qq.com/doc/DYmhqV3piekZ5dlZi https://vuldb.com/?ctiid.252304 https://vuldb.com/?id.252304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component. Un problema en Expense Management System v.1.0 permite a un atacante local ejecutar código arbitrario a través de un archivo manipulado subido al componente sign-up.php. • https://abstracted-howler-727.notion.site/CVE-2023-44824-ab76909b4a0e477b87aa8d0ca4aa4ca7 https://abstracted-howler-727.notion.site/Vulnerability-Description-ccc2e6489a0d43859c61a7982e649da1 https://gist.github.com/Muscial/e46c4e4031d25a3684cda124dfc45d96 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenado en la aplicación Expense Management System versión 1.0, que permite una ejecución arbitraria de comandos JavaScript mediante el archivo index.php • https://egavilanmedia.com/Expense-Management-System https://github.com/martinkubecka/CVE-References/blob/main/CVE-2021-41434.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. Se ha detectado que Expense Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en /Home/debit_credit_p • https://github.com/mikeccltt/0724/blob/main/ci_ems/sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database. EGavilan Media Expense-Management-System versión 1.0, es vulnerable a una Inyección SQL por medio del archivo /expense_action.php. Esto permite a un atacante remoto comprometer la base de datos SQL de la aplicación • https://github.com/EGavilan-Media/Expense-Management-System/issues/1 https://medium.com/%40shubhamvpandey/cve-2021-44098-8dbaced8b854 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •