10 results (0.003 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. • https://www.exploit-db.com/exploits/51513 http://packetstormsecurity.com/files/172908/Sales-Tracker-Management-System-1.0-HTML-Injection.html https://github.com/ctflearner/Vulnerability/blob/main/Sales_Tracker_Management_System/stms.md https://vuldb.com/?ctiid.231164 https://vuldb.com/?id.231164 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/products/manage_product.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. • https://github.com/graywar1/bug_report/blob/main/SQLi.md https://vuldb.com/?ctiid.225530 https://vuldb.com/?id.225530 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue found in Sales Tracker Management System v.1.0 allows a remote attacker to access sensitive information via sales.php component of the admin/reports endpoint. Sales Tracker Management System version 1.0 suffers from an information disclosure vulnerability. • https://packetstormsecurity.com/files/171692/Sales-Tracker-Management-System-1.0-Insecure-Direct-Object-Reference.html https://twitter.com/retrymp3 https://www.sourcecodester.com/download-code?nid=16061&title=Sales+Tracker+Management+System+using+PHP+Free+Source+Code https://www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file. Sales Tracker Management System version 1.0 suffers from a cross site scripting vulnerability. • https://packetstormsecurity.com/files/171686/Sales-Tracker-Management-System-1.0-Cross-Site-Scripting.html https://twitter.com/retrymp3 https://www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html https://www.sourcecodester.com/users/tips23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. This vulnerability affects the function delete_client of the file classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Mart1nD0t/vul-test/blob/main/sts-3.md https://vuldb.com/?ctiid.222646 https://vuldb.com/?id.222646 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •