15 matches found
CVE-2018-19923
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is member/memberemail.php?action=edit CSRF...
CVE-2018-19925
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. It has SQL injection via the member/memberorder.php type parameter, related to the Ostate parameter...
CVE-2018-19924
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address...
EUVD-2018-11595
Malware in sbrugna...
EUVD-2018-11338
Malware in sbrugna...
EUVD-2018-11596
Malware in sbrugna...
EUVD-2018-11597
Malware in sbrugna...
Coman 1.0 - id SQL Injection
Coman 1.0 - id SQL Injection Exploit Title: Coman - Company Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-20 Exploit Author: Ihsan Sencan Vendor Homepage: http://ragob.com/ Software Link: https://codecanyon.net/item/coman-company-management-system/17799270 Version: 1.0 Category:...
Coman 1.0 - 'id' SQL Injection
Exploit Title: Coman - Company Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-20 Exploit Author: Ihsan Sencan Vendor Homepage: http://ragob.com/ Software Link: https://codecanyon.net/item/coman-company-management-system/17799270 Version: 1.0 Category: Webapps Tested on:...
CVE-2018-19923
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is member/memberemail.php?action=edit CSRF...
Input validation
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address...
CVE-2018-19924
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address...
Sales & Company Management System Privilege Permission and Access Control Vulnerability
Sales & Company Management System SCMS is a sales and company management system. The system includes features such as customer management, product management and tax management. A privilege permission and access control vulnerability exists in SCMS 2018-06-06 and prior versions, which can be...
Design/Logic Flaw
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a...
CVE-2018-19654
CVE-2018-19654 affects the Sales & Company Management System (SCMS) up to 2018-06-06. The issue is a discrepancy between a string-validation component and the MySQL query component, allowing registration of a new account with a username that already exists (e.g., test%c2) when the account is alre...