
CVE-2023-50035
https://notcve.org/view.php?id=CVE-2023-50035
29 Dec 2023 — PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because the "password" parameter is used directly in the SQL query without any sanitization, so the SQL Injection payload is executed. • https://github.com/hackerhijeck/Exploited/blob/main/Small_CRM/SQL-Injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-45394
https://notcve.org/view.php?id=CVE-2023-45394
20 Oct 2023 — Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" section of Small CRM v3.0 allows an attacker to store and execute malicious JavaScript code in the Admin panel, which leads to Admin account takeover. • https://github.com/kartik753/CVE/blob/main/CVE-2023-45394 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44075
https://notcve.org/view.php?id=CVE-2023-44075
04 Oct 2023 — Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter. • https://github.com/TheKongV/CVE/blob/main/CVE-2023-44075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-43331
https://notcve.org/view.php?id=CVE-2023-43331
26 Sep 2023 — A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. • https://github.com/Kartikhunter/CVE/blob/main/CVE-2023-43331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34650
https://notcve.org/view.php?id=CVE-2023-34650
28 Jun 2023 — PHPGurukul Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS). • https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34650 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-47073
https://notcve.org/view.php?id=CVE-2022-47073
25 Jan 2023 — A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter. • https://medium.com/%40shiva.infocop/stored-xss-found-in-small-crm-phpgurukul-7890ea3c04df • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-5511
https://notcve.org/view.php?id=CVE-2020-5511
08 Jan 2020 — PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. • https://www.exploit-db.com/exploits/47874 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')