29 results (0.002 seconds)

CVSS: 9.8EPSS: %CPEs: 1EXPL: 1

Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php. Sourcecodester Stock Management System v1.0 es vulnerable a la inyección SQL a través de editCategories.php. • https://github.com/CveSecLook/cve/issues/42 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file. Vulnerabilidad de inyección SQL en Stock Management System 1.0 permite a un atacante remoto ejecutar código arbitrario a través del parámetro id en el archivo manage_bo.php. Stock Management System version 1.0 suffers from a remote SQL injection vulnerability. • https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2023-004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/rickxy/Stock-Management-System/issues/2 https://vuldb.com/?id.214322 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-707: Improper Neutralization •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. • https://github.com/rickxy/Stock-Management-System/issues/4 https://vuldb.com/?id.214331 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-863: Incorrect Authorization •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. • https://github.com/rickxy/Stock-Management-System/issues/3 https://vuldb.com/?id.214324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •