25 matches found

Positive Technologies
added 2026/05/29 12:0 a.m. | 6 views

PT-2026-44907

Name of the Vulnerable Software and Affected Versions: Froxlor version 2.3.6 Description: A symlink-following flaw exists in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorized_keys within a customer-controlled home...

8.8 CVSS | 5.9 AI score
Exploits: 0 | References: 6
RedhatCVE
added 2026/05/28 8:13 p.m. | 7 views

CVE-2026-9446

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

5.8 CVSS | 5.7 AI score | 0.00036 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/03/30 12:0 a.m. | 3 views

SourceCodester Sales and Inventory System security vulnerability

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a security vulnerability. This vulnerability stems from improper cleaning of the parameter msg i...

6.1 CVSS | 5.6 AI score | 0.00018 EPSS
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/30 12:0 a.m. | 4 views

PT-2026-29040

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add customer.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...

6 AI score | 0.00018 EPSS
Exploits: 1 | References: 2
CNNVD
added 2025/11/03 12:0 a.m. | 2 views

Water-Management-System security vulnerability

Water-Management-System is an inventory management system by the individual developer Dikshant Naik. A security vulnerability exists in Water-Management-System version 1.0, which originates from a cross-site scripting vulnerability in the file /addcustomer.php...

6.1 CVSS | 6.1 AI score | 0.00041 EPSS
Exploits: 1 | References: 2
RedhatCVE
added 2025/10/09 1:27 p.m. | 3 views

CVE-2025-11471

A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown function of the file /editcustomer.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

9.8 CVSS | 7 AI score | 0.00042 EPSS
Exploits: 1 | References: 1
OSV
added 2025/10/08 12:15 p.m. | 0 views

CVE-2025-11471

A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown function of the file /editcustomer.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

9.8 CVSS | 5.7 AI score
Exploits: 0 | References: 5
Vulnrichment
added 2025/09/22 3:32 p.m. | 2 views

CVE-2025-10804 Campcodes Online Beauty Parlor Management System add-customer.php sql injection

A vulnerability was found in Campcodes Online Beauty Parlor Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add-customer.php. Performing manipulation of the argument mobilenum results in sql injection. The attack can be initiated remotely. The exploi...

6.5 CVSS | 6.8 AI score | 0.00044 EPSS
Exploits: 1 | References: 5
CNNVD
added 2025/06/24 12:0 a.m. | 1 views

SourceCodester Best Salon Management System injection vulnerability

SourceCodester Best Salon Management System is a SourceCodester open source salon management system. SourceCodester Best Salon Management System version 1.0 has an injection vulnerability; the vulnerability stems from the add-customer.php file on the parameters...

8.8 CVSS | 7 AI score | 0.00197 EPSS
Exploits: 1 | References: 6
CNNVD
added 2025/06/20 12:0 a.m. | 1 views

Code-Projects Online Shoe Store injection vulnerability

Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter firstname in the file /function/editcustomer.php. An attacker can exploit this...

9.8 CVSS | 8.1 AI score | 0.00204 EPSS
Exploits: 1 | References: 5
OSV
added 2025/04/03 2:6 p.m. | 4 views

BIT-DOLIBARR-2023-33568

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists...

7.5 CVSS | 7.7 AI score | 0.8984 EPSS
Exploits: 2 | References: 6
CNNVD
added 2025/02/11 12:0 a.m. | 1 views

Dell UCC Edge code issue vulnerability

Dell UCC Edge is a Dell APEX metering solution from Dell USA. A code issue vulnerability exists in Dell UCC Edge version 2.3.0 that stems from a failure to validate input when adding a customer SFTP server...

7.9 CVSS | 6.9 AI score | 0.00055 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2024/10/26 12:0 a.m. | 2 views

PT-2024-16250 · Sourcecodester · Sourcecodester Petrol Pump Management

Name of the Vulnerable Software and Affected Versions: SourceCodester Petrol Pump Management Software version 1.0 Description: A critical issue was found in the software, affecting the /admin/edit customer.php file. The manipulation of the id argument leads to SQL injection. This issue can be...

7.2 CVSS | 7.1 AI score | 0.00104 EPSS
Exploits: 0 | References: 9
OSV
added 2024/04/11 2:15 a.m. | 0 views

CVE-2024-3614

A vulnerability classified as problematic has been found in SourceCodester Warehouse Management System 1.0. This affects an unknown part of the file customer.php. The manipulation of the argument namacustomer/alamatcustomer/notelpcustomer leads to cross site scripting. It is possible to initiate...

5.4 CVSS | 3.9 AI score
Exploits: 0 | References: 4
Positive Technologies
added 2023/07/28 12:0 a.m. | 3 views

PT-2023-27141 · Sourcecodester · Sourcecodester Jewelry Store System

Name of the Vulnerable Software and Affected Versions: SourceCodester Jewelry Store System version 1.0 Description: A problem was found in the system, affecting some unknown functionality of the file add customer.php. This issue leads to cross site scripting, which can be launched remotely...

6.1 CVSS | 6.6 AI score | 0.00088 EPSS
Exploits: 1 | References: 5
GitHub Security Blog
added 2023/06/13 6:30 p.m. | 22 views

Dolibarr vulnerable to unauthenticated database access

An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists...

7.5 CVSS | 6.8 AI score | 0.8984 EPSS
Exploits: 2 | References: 7 | Affected Software: 1
NVD
added 2023/06/13 3:15 p.m. | 8 views

CVE-2023-33568

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists...

7.5 CVSS | 7.4 AI score | 0.8984 EPSS
Exploits: 2 | References: 5
Cvelist
added 2023/06/13 12:0 a.m. | 9 views

CVE-2023-33568

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists...

7.6 AI score | 0.8984 EPSS
Exploits: 2 | References: 5
Metasploit
added 2023/05/30 7:51 p.m. | 338 views

Dolibarr 16 pre-auth contact database dump

Dolibarr version 16 use auxiliary/scanner/http/dolibarr16contactdump msf auxiliarydolibarr16contactdump show actions ...actions... msf auxiliarydolibarr16contactdump set ACTION msf auxiliarydolibarr16contactdump show options ...show and set options... msf auxiliarydolibarr16contactdump run This...

7.5 CVSS | 7.1 AI score | 0.8984 EPSS
Exploits: 2
Positive Technologies
added 2023/03/20 12:0 a.m. | 11 views

PT-2023-17038 · Sourcecodester · Sourcecodester Alphaware Simple E-Commerce System

Name of the Vulnerable Software and Affected Versions: SourceCodester Alphaware Simple E-Commerce System version 1.0 Description: A critical issue affects some unknown functionality of the file function/edit customer.php. The manipulation of the argument firstname/mi/lastname with the input a'...

8.1 CVSS | 6.1 AI score | 0.00278 EPSS
Exploits: 1 | References: 6