14 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. Un problema en Service Provider Management System v.1.0 permite a un atacante remoto obtener privilegios a través del parámetro ID en el endpoint /php-spms/admin/?page=user/. • https://samh4cks.github.io/posts/cve-2023-43457 https://www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html https://www.sourcecodester.com/users/tips23 • CWE-269: Improper Privilege Management •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint. Una vulnerabilidad de cross site scripting en Service Provider Management System v.1.0 permite a un atacante remoto ejecutar código arbitrario y obtener información sensible a través de los parámetros de nombre, segundo nombre y apellido en el endpoint /php-spms/admin/?page=user. • https://samh4cks.github.io/posts/cve-2023-43456 https://www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html https://www.sourcecodester.com/users/tips23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. • https://vuldb.com/?ctiid.233890 https://vuldb.com/?id.233890 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4

Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2 • https://www.exploit-db.com/exploits/51482 https://github.com/ashikkunjumon/cve-reports/blob/main/README.md https://packetstormsecurity.com/files/172559/Service-Provider-Management-System-1.0-SQL-Injection.html https://vulners.com/packetstorm/PACKETSTORM:172559 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Service%20Provider%20Management%20System%20-%20multiple%20vulnerabilities.md https://vuldb.com/?ctiid.230799 https://vuldb.com/?id.230799 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •