CVE-2021-43657
https://notcve.org/view.php?id=CVE-2021-43657
A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields. • https://github.com/c0n5n3d/CVE-2021-43657 https://github.com/c0n5n3d/CVE-2021-43657/blob/main/Info.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-29747
https://notcve.org/view.php?id=CVE-2022-29747
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. Simple Client Management System versión 1.0, es vulnerable a una inyección SQL por medio de /cms/admin/?page=invoice/manage_invoice&id= // Lugar de Filtrado ---> id • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/simple-client-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-29748
https://notcve.org/view.php?id=CVE-2022-29748
Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=. Simple Client Management System versión 1.0, es vulnerable a una inyección SQL por medio de \cms\admin?page=client/manage_client&id= • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/simple-client-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-29749
https://notcve.org/view.php?id=CVE-2022-29749
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. Simple Client Management System versión 1.0, es vulnerable a una inyección SQL por medio de /cms/classes/Master.php?f=delete_invoice • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/simple-client-management-system/SQLi-4.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-29750
https://notcve.org/view.php?id=CVE-2022-29750
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. Simple Client Management System versión 1.0, es vulnerable a una inyección SQL por medio de /cms/classes/Master.php?f=delete_service • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/simple-client-management-system/SQLi-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •