CVE-2024-3691 – PHPGurukul Small CRM Registration Page SQL injection
https://notcve.org/view.php?id=CVE-2024-3691
A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/nikhil-aniill/Small-CRM-CVE https://vuldb.com/?ctiid.260480 https://vuldb.com/?id.260480 https://vuldb.com/?submit.312975
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3690 – PHPGurukul Small CRM Change Password SQL injection
https://notcve.org/view.php?id=CVE-2024-3690
A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/psudo-bugboy/CVE-2024 https://vuldb.com/?ctiid.260479 https://vuldb.com/?id.260479 https://vuldb.com/?submit.312974
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50035
https://notcve.org/view.php?id=CVE-2023-50035
PHPGurukul Small CRM 3.0 is vulnerable to SQL injection on the Users login panel because the "password" parameter is used directly in the SQL query without any sanitization, so the SQL injection payload is executed.
• https://github.com/hackerhijeck/Exploited/blob/main/Small_CRM/SQL-Injection.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45394
https://notcve.org/view.php?id=CVE-2023-45394
Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" section of Small CRM v3.0 allows an attacker to store and execute malicious JavaScript code in the Admin panel, which leads to Admin account takeover.
• https://github.com/kartik753/CVE/blob/main/CVE-2023-45394
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-44075
https://notcve.org/view.php?id=CVE-2023-44075
Cross-Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter.
• https://github.com/TheKongV/CVE/blob/main/CVE-2023-44075
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')