CVE-2024-6267 – SourceCodester Service Provider Management System System Info Page index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-6267
A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file system_info/index.php of the component System Info Page. The manipulation of the argument System Name/System Short Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://docs.google.com/document/d/1upC4101Ob9UW7fGC_valsEa45Q5xuBgcKZhs1Q-WoBM/edit?usp=sharing https://github.com/sgr-xd/CVEs/blob/main/CVE-2024-6267.md https://vuldb.com/?ctiid.269479 https://vuldb.com/?id.269479 https://vuldb.com/?submit.362661 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-43457
https://notcve.org/view.php?id=CVE-2023-43457
An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. • https://samh4cks.github.io/posts/cve-2023-43457 https://www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html https://www.sourcecodester.com/users/tips23 • CWE-269: Improper Privilege Management •
CVE-2023-43456
https://notcve.org/view.php?id=CVE-2023-43456
Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint. • https://samh4cks.github.io/posts/cve-2023-43456 https://www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html https://www.sourcecodester.com/users/tips23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-3644 – SourceCodester Service Provider Management System sql injection
https://notcve.org/view.php?id=CVE-2023-3644
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. • https://vuldb.com/?ctiid.233890 https://vuldb.com/?id.233890 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-34581 – Service Provider Management System v1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2023-34581
Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2 • https://www.exploit-db.com/exploits/51482 https://github.com/ashikkunjumon/cve-reports/blob/main/README.md https://packetstormsecurity.com/files/172559/Service-Provider-Management-System-1.0-SQL-Injection.html https://vulners.com/packetstorm/PACKETSTORM:172559 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •