CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9323 – SourceCodester Inventory Management System add_staff.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-9323
A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/action/add_staff.php. The manipulation leads to cross site scripting. The attack can be launched remotely. • https://hackmd.io/@SeaWind/rySx1IbR0 https://vuldb.com/?ctiid.278827 https://vuldb.com/?id.278827 https://vuldb.com/?submit.413401 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7947 – SourceCodester Point of Sales and Inventory Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2024-7947
A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/CveSecLook/cve/issues/60 https://vuldb.com/?ctiid.275139 https://vuldb.com/?id.275139 https://vuldb.com/?submit.393525 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6830 – SourceCodester Simple Inventory Management System Order action.php sql injection
https://notcve.org/view.php?id=CVE-2024-6830
A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Affected is an unknown function of the file action.php of the component Order Handler. The manipulation of the argument order_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Xu-Mingming/cve/blob/main/sql1.md https://vuldb.com/?ctiid.271812 https://vuldb.com/?id.271812 https://vuldb.com/?submit.375233 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1926 – SourceCodester Free and Open Source Inventory Management System search_sales_report.php sql injection
https://notcve.org/view.php?id=CVE-2024-1926
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack may be initiated remotely. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Free%20and%20Open%20Source%20inventory%20management%20system-SQLi.md https://vuldb.com/?ctiid.254861 https://vuldb.com/?id.254861 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •