6 matches found
CVE-2022-22107
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the...
Auto Dealer Management System 1.0 SQL Injection Vulnerability
Auto Dealer Management System - SQL Injection on page viewtransaction.php and parameter is id, application url is ?page=vehicles/viewtransaction&id=? with low privilege authentication CVE Assigned: CVE-2023-0912 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari Author Email:...
Missing Authorization in DayByDay CRM
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the...
CVE-2022-22108
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of...
Itech Inventory Management Software 3.77 - SQL Injection
Exploit Title: Itech Inventory Management Software v3.77 - SQL Injection Google Dork: N/A Date: 02.02.2017 Vendor Homepage: http://itechscripts.com/ Software Buy: http://www.itechscripts.com/inventory-management-software/ Demo: http://inventory.itechscripts.com/ Version: 3.77 Tested on: Win7 x64,...
Itech Inventory Management Software 3.77 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Itech Inventory Management Software v3.77 - SQL Injection Google Dork: N/A Date: 02.02.2017 Vendor Homepage: http://itechscripts.com/ Software Buy: http://www.itechscripts.com/inventory-management-software/ Demo:...