Lucene search
+L

338 matches found

redhatcve
redhatcve
added 2025/05/23 5:53 a.m.6 views

CVE-2023-22088

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications component: User Management. Supported versions that are affected are 7.4.0 and 7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...

4.3CVSS4.9AI score0.00398EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 3:36 a.m.6 views

CVE-2023-29621

Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server...

8.8CVSS8.3AI score0.00985EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 1:52 a.m.11 views

CVE-2023-2130

A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/viewdetails.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is...

9.8CVSS7.5AI score0.04122EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 1:6 a.m.7 views

CVE-2022-28023

Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchaseorder/classes/Master.php?f=deletesupplier...

9.8CVSS8.3AI score0.02971EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 12:51 a.m.11 views

CVE-2022-33959

IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320...

8.1CVSS6.4AI score0.00454EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 12:7 a.m.9 views

CVE-2022-44400

Purchase Order Management System v1.0 contains a file upload vulnerability via /purchaseorder/admin/?page=systeminfo...

9.8CVSS7AI score0.01057EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 11:14 p.m.8 views

CVE-2022-3503

A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name/Address/Contact person/Contact leads to cross site...

5.4CVSS6.4AI score0.00459EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 10:39 p.m.10 views

CVE-2022-28021

Purchase Order Management System v1.0 was discovered to contain a remote code execution RCE vulnerability via /purchaseorder/admin/?page=user...

9.8CVSS8.4AI score0.24256EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 10:39 p.m.8 views

CVE-2022-28022

Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchaseorder/classes/Master.php?f=deleteitem...

9.8CVSS8.3AI score0.02971EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 9:55 p.m.5 views

CVE-2022-34333

IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698...

7.5CVSS6.5AI score0.00595EPSS
Exploits0References1
ibm
ibm
added 2025/04/29 2:33 a.m.75 views

Security Bulletin: Order Management is subject to various OS vulnerabilites which could have allowed attacker various entry points into application.

Summary Order Management has updated the container OS version and remediated to the point of code freeze. This bulletin identifies the steps to take to address the vulnerabilities by updating to the very latest OS version. Vulnerability Details CVEID:CVE-2022-2923 DESCRIPTION: Vim is vulnerable t...

7.8CVSS10AI score0.05533EPSS
Exploits8Affected Software1
ptsecurity
ptsecurity
added 2025/04/15 12:0 a.m.11 views

PT-2025-16463 · Oracle · Oracle Communications Order/Service Management

Name of the Vulnerable Software and Affected Versions: Oracle Communications Order and Service Management versions 7.4.0 through 7.5.0 Description: The issue allows a low-privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful...

5.5CVSS6.1AI score0.0018EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/03/20 4:2 p.m.16 views

CVE-2024-44314

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the indexonUpdateStatus function within Orders.php, which fails to verify if the user has permission to modify an order'...

6.5CVSS6.7AI score0.0027EPSS
Exploits0References1
osv
osv
added 2025/03/18 3:30 p.m.5 views

GHSA-W5H7-MW56-4V7X TastyIgniter Has an Incorrect Access Control Vulnerability

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the indexonUpdateStatus function within Orders.php, which fails to verify if the user has permission to modify an order'...

6.5CVSS6.8AI score0.0027EPSS
Exploits0References4
osv
osv
added 2025/03/18 12:0 a.m.21 views

CVE-2024-44314

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the indexonUpdateStatus function within Orders.php, which fails to verify if the user has permission to modify an order'...

6.5CVSS6.5AI score0.0027EPSS
Exploits0References4
bdu_fstec
bdu_fstec
added 2025/02/10 12:0 a.m.5 views

The vulnerability of the Security component of the Oracle Communications Order and Service Management system allows a perpetrator to gain read, modify, add, or delete access to data, or cause a partial service disruption.

The vulnerability of the Security component of the Oracle Communications Order and Service Management system is related to a data source validation error. Exploiting this vulnerability may allow an attacker, operating remotely, to gain read, modify, add, or delete access to data, or cause a parti...

6.5CVSS7.7AI score0.00185EPSS
Exploits0References3Affected Software1
redhatcve
redhatcve
added 2025/02/05 8:48 a.m.20 views

CVE-2024-38708

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory &...

8.8CVSS5.9AI score0.00455EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/01/21 12:0 a.m.5 views

PT-2025-4276 · Oracle · Oracle Communications Order/Service Management

Name of the Vulnerable Software and Affected Versions: Oracle Communications Order and Service Management versions 7.4.0 through 7.5.0 Description: The issue is related to insufficient authorization procedures in the Security component of Oracle Communications Order and Service Management. This c...

5.3CVSS7.8AI score0.0037EPSS
Exploits0References8
cnnvd
cnnvd
added 2025/01/21 12:0 a.m.6 views

Oracle Communications Order and Service Management 访问控制错误漏洞

Oracle Communications Order and Service Management is an order management system from Oracle Corporation Oracle that is used to coordinate the order fulfillment functions required to complete orders. A security vulnerability exists in Oracle Communications Order and Service Management versions...

6.3CVSS8.4AI score0.00185EPSS
Exploits0References3
nessus
nessus
added 2024/12/11 12:0 a.m.7 views

Oracle Siebel CRM < 16.5 (October 2016 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2016 CPU advisory. - Vulnerability in the Siebel Apps - Customer Order Management component of Oracle Siebel CRM subcomponent: Customizable Prod/Configurator. The...

6.5CVSS6.6AI score0.01369EPSS
Exploits0References3
Rows per page
Query Builder