4 matches found
CVE-2019-25443
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...
PT-2026-3043
Name of the Vulnerable Software and Affected Versions: 10-Strike Network Inventory Explorer Pro version 9.31. Description: The software contains an unquoted service path vulnerability in the srvInventoryWebServer service, which runs with LocalSystem privileges. An attacker can exploit this by placin...
CVE-2025-60314
Summary: CVE-2025-60314 affects Configuroweb Sistema Web de Inventario 1.0. The vulnerability is a Stored Cross-Site Scripting (XSS) caused by the lack of input sanitization on the product name parameter (Nombre:Producto). An authenticated attacker can inject malicious JavaScript payloads and ex...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the redirect parameter in Commerce Catalogs. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a malicious link. Remediatio...