338 matches found
CVE-2023-22088
Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications component: User Management. Supported versions that are affected are 7.4.0 and 7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...
CVE-2023-29621
Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server...
CVE-2023-2130
A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/viewdetails.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is...
CVE-2022-28023
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchaseorder/classes/Master.php?f=deletesupplier...
CVE-2022-33959
IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320...
CVE-2022-44400
Purchase Order Management System v1.0 contains a file upload vulnerability via /purchaseorder/admin/?page=systeminfo...
CVE-2022-3503
A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name/Address/Contact person/Contact leads to cross site...
CVE-2022-28021
Purchase Order Management System v1.0 was discovered to contain a remote code execution RCE vulnerability via /purchaseorder/admin/?page=user...
CVE-2022-28022
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchaseorder/classes/Master.php?f=deleteitem...
CVE-2022-34333
IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698...
Security Bulletin: Order Management is subject to various OS vulnerabilites which could have allowed attacker various entry points into application.
Summary Order Management has updated the container OS version and remediated to the point of code freeze. This bulletin identifies the steps to take to address the vulnerabilities by updating to the very latest OS version. Vulnerability Details CVEID:CVE-2022-2923 DESCRIPTION: Vim is vulnerable t...
PT-2025-16463 · Oracle · Oracle Communications Order/Service Management
Name of the Vulnerable Software and Affected Versions: Oracle Communications Order and Service Management versions 7.4.0 through 7.5.0 Description: The issue allows a low-privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful...
CVE-2024-44314
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the indexonUpdateStatus function within Orders.php, which fails to verify if the user has permission to modify an order'...
GHSA-W5H7-MW56-4V7X TastyIgniter Has an Incorrect Access Control Vulnerability
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the indexonUpdateStatus function within Orders.php, which fails to verify if the user has permission to modify an order'...
CVE-2024-44314
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the indexonUpdateStatus function within Orders.php, which fails to verify if the user has permission to modify an order'...
The vulnerability of the Security component of the Oracle Communications Order and Service Management system allows a perpetrator to gain read, modify, add, or delete access to data, or cause a partial service disruption.
The vulnerability of the Security component of the Oracle Communications Order and Service Management system is related to a data source validation error. Exploiting this vulnerability may allow an attacker, operating remotely, to gain read, modify, add, or delete access to data, or cause a parti...
CVE-2024-38708
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory &...
PT-2025-4276 · Oracle · Oracle Communications Order/Service Management
Name of the Vulnerable Software and Affected Versions: Oracle Communications Order and Service Management versions 7.4.0 through 7.5.0 Description: The issue is related to insufficient authorization procedures in the Security component of Oracle Communications Order and Service Management. This c...
Oracle Communications Order and Service Management 访问控制错误漏洞
Oracle Communications Order and Service Management is an order management system from Oracle Corporation Oracle that is used to coordinate the order fulfillment functions required to complete orders. A security vulnerability exists in Oracle Communications Order and Service Management versions...
Oracle Siebel CRM < 16.5 (October 2016 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2016 CPU advisory. - Vulnerability in the Siebel Apps - Customer Order Management component of Oracle Siebel CRM subcomponent: Customizable Prod/Configurator. The...