CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
• https://github.com/Dir0x/Multiple-SQLi-in-Simple-Subscription-Company/blob/main/view_plan_sqli.py
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 5

A cross-site scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application.
• https://github.com/Jeromeyoung/CVE-2021-43141
• https://github.com/Dir0x/CVE-2021-43141
• https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-43141
• https://streamable.com/8gydfs
• https://www.nu11secur1ty.com/2021/11/cve-2021-43141.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 2% | CPEs: 1 | EXPL: 4

A SQL injection vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the login. Simple Subscription Website version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
• https://www.exploit-db.com/exploits/50522
• http://packetstormsecurity.com/files/164968/Simple-Subscription-Website-1.0-SQL-Injection.html
• https://github.com/Dir0x/CVE-2021-43140
• https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-43140
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')