
CVE-2024-3691 – PHPGurukul Small CRM Registration Page SQL injection
https://notcve.org/view.php?id=CVE-2024-3691
12 Apr 2024 — A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/nikhil-aniill/Small-CRM-CVE • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-3690 – PHPGurukul Small CRM Change Password SQL injection
https://notcve.org/view.php?id=CVE-2024-3690
12 Apr 2024 — A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/taeseongk/CVE-2024-3690 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-50035
https://notcve.org/view.php?id=CVE-2023-50035
29 Dec 2023 — PHPGurukul Small CRM 3.0 is vulnerable to SQL injection on the Users login panel because the "password" parameter is used directly in the SQL query without any sanitization, so the SQL injection payload is executed. • https://github.com/hackerhijeck/Exploited/blob/main/Small_CRM/SQL-Injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-45394
https://notcve.org/view.php?id=CVE-2023-45394
20 Oct 2023 — Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" section of Small CRM v3.0 allows an attacker to store and execute malicious JavaScript code in the Admin panel, which leads to Admin account takeover. • https://github.com/kartik753/CVE/blob/main/CVE-2023-45394 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44075
https://notcve.org/view.php?id=CVE-2023-44075
04 Oct 2023 — A cross-site scripting (XSS) vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter. • https://github.com/TheKongV/CVE/blob/main/CVE-2023-44075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-43331
https://notcve.org/view.php?id=CVE-2023-43331
26 Sep 2023 — A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. • https://github.com/Kartikhunter/CVE/blob/main/CVE-2023-43331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-47073
https://notcve.org/view.php?id=CVE-2022-47073
25 Jan 2023 — A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter. • https://medium.com/%40shiva.infocop/stored-xss-found-in-small-crm-phpgurukul-7890ea3c04df • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')