239 matches found
Purchase Order Management v1.0 - SQL Injection
A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/viewdetails.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is...
Purchase Order Management v1.0 - Cross Site Scripting (Reflected)
Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the password parameter at /purchaseorder/classes/login.php. id: CVE-2023-29623 info: name: Purchase Order Management v1.0 - Cross Site Scripting Reflected author: theamanrawat severity:...
Malicious code in wdt-erpmcp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec852c69947e2a2575ae37ce4a442a67dc01f7328c0c603b94c87aa84803623f wdt-erpmcp advertises itself as a generic MCP wrapper over the caller's Wangdian Tongda WDT ERP, and three of its four tools correctly read WDTAPPKEY...
CVE-2023-29623
Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the password parameter at /purchaseorder/classes/login.php...
CVE-2023-29622
Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchaseorder/admin/login.php...
Inside a purchase order PDF phishing campaign
A PDF named "NEW Purchase Order 52177236.pdf" turned out to be a phishing lure. So we analyzed the phishing script behind it. A customer contacted me when Malwarebytes blocked the link inside a “purchase order” email they had received. Malwarebytes blocked this ionoscloud.com subdomain When I...
EUVD-2016-0257
Malware in sbrugna...
EUVD-2022-47343
Malicious code in bioql PyPI...
EUVD-2022-42874
Malicious code in bioql PyPI...
EUVD-2022-32509
Malicious code in bioql PyPI...
EUVD-2023-33799
Malicious code in bioql PyPI...
EUVD-2022-32508
Malicious code in bioql PyPI...
CVE-2024-48454
An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component...
CVE-2023-5957
The Ni Purchase OrderPO For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell...
CVE-2023-29621
Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server...
CVE-2023-2293
A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been classified as problematic. This affects an unknown part of the file classes/Master.php?f=saveitem. The manipulation of the argument description with the input leads to cross site scripting. It is possibl...
CVE-2023-2130
A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/viewdetails.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is...
CVE-2022-28023
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchaseorder/classes/Master.php?f=deletesupplier...
CVE-2022-44400
Purchase Order Management System v1.0 contains a file upload vulnerability via /purchaseorder/admin/?page=systeminfo...
CVE-2022-3503
A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name/Address/Contact person/Contact leads to cross site...