CVE-2025-64490
SuiteCRM (versions 7.14.7 and earlier; 8.0.0-beta.1 through 8.9.0) has an access-control flaw where a low-privileged user with a restrictive role can view and create work items via Resource Calendar and project screens even when related modules (Projects, Project Tasks, Tasks, Leads, Accounts, Me...
CVE-2022-36701
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/viewitem.php...
CVE-2021-21260
Online Invoicing System OIS is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enable an attacker to take over the admin account through a payload that extracts a csrf...
CVE-2024-41551
CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via SupplyManagementSystem/admin/vieworderitems.php?id=...
CVE-2024-41550
CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via SupplyManagementSystem/admin/viewinvoiceitems.php?id=...
CVE-2023-33676
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=" which can be escalated to remote command execution...
CVE-2023-33677
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id="...
PT-2024-12436 · Sourcecodester · Lost/Found Information System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Lost and Found Information System version 1.0 Description: The issue is related to unauthenticated SQL Injection. The vulnerability can be exploited at the API endpoint "?page=items/view&id=". This allows for potential...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf Online Invoicing System version 3.2, which stems from a cross-site scripting vulnerability in the FirstRecord parameter of /inventory/itemsview.php...
PT-2023-32658 · Unknown · Bigprof Online Invoicing System
Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the BigProf Online Invoicing System, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the...
PT-2023-32662 · Unknown · Bigprof Online Invoicing System
Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the "/inventory/items view.php" API...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf Online Invoicing System version 2.6, which originates from a cross-site scripting vulnerability in the FirstRecord parameter of /invoicing/app/itemsview.php...
PT-2023-20774 · Sourcecodester · Sourcecodester Lost/Found Information System
Name of the Vulnerable Software and Affected Versions: SourceCodester Lost and Found Information System version 1.0 Description: A critical issue has been discovered, affecting an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the id argume...
PT-2022-23568 · Unknown · Ingredients Stock Management System
Name of the Vulnerable Software and Affected Versions: Ingredients Stock Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/items/view item.php" API endpoint. Recommendations: For...