CVE-2024-0355 – PHPGurukul Dairy Farm Shop Management System add-category.php SQL injection
https://notcve.org/view.php?id=CVE-2024-0355
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to SQL injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability.
• https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8
• https://vuldb.com/?ctiid.250122
• https://vuldb.com/?id.250122
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-41593
https://notcve.org/view.php?id=CVE-2023-41593
Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters.
• https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41593
• https://portswigger.net/web-security/cross-site-scripting
• https://www.acunetix.com/websitesecurity/cross-site-scripting
• https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41594
https://notcve.org/view.php?id=CVE-2023-41594
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.
• https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594
• https://portswigger.net/web-security/sql-injection
• https://www.acunetix.com/vulnerabilities/web/sql-injection
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')