15 matches found
CVE-2025-64490
SuiteCRM (versions 7.14.7 and earlier; 8.0.0-beta.1 through 8.9.0) has an access-control flaw where a low-privileged user with a restrictive role can view and create work items via Resource Calendar and project screens even when related modules (Projects, Project Tasks, Tasks, Leads, Accounts, Me...
CVE-2022-36701
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/viewitem.php...
CVE-2021-21260
Online Invoicing System OIS is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf...
CVE-2024-41550
CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via SupplyManagementSystem/admin/viewinvoiceitems.php?id=...
CVE-2024-41551
CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via SupplyManagementSystem/admin/vieworderitems.php?id=...
CVE-2023-33676
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=" which can be escalated to the remote command execution...
CVE-2023-33677
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id="...
CVE-2023-33677
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id="...
PT-2024-12436
Name of the Vulnerable Software and Affected Versions Sourcecodester Lost and Found Information System version 1.0 Description The issue is related to unauthenticated SQL Injection. The vulnerability can be exploited at the API endpoint "?page=items/view&id=". This allows for potential manipulati...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf Online Invoicing System version 2.6, which originates from a cross-site scripting vulnerability in the FirstRecord parameter of /invoicing/app/itemsview.php...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf Online Invoicing System version 3.2, which stems from a cross-site scripting vulnerability in the FirstRecord parameter of /inventory/itemsview.php...
PT-2023-32662 · Unknown · Bigprof Online Invoicing System
Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the "/inventory/items view.php" API...
PT-2023-32658 · Unknown · Bigprof Online Invoicing System
Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the BigProf Online Invoicing System, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the...
PT-2023-20774 · Sourcecodester · Sourcecodester Lost/Found Information System
Name of the Vulnerable Software and Affected Versions: SourceCodester Lost and Found Information System version 1.0 Description: A critical issue has been discovered, affecting an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the id argume...
PT-2022-23568 · Unknown · Ingredients Stock Management System
Name of the Vulnerable Software and Affected Versions: Ingredients Stock Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/items/view item.php" API endpoint. Recommendations: For...