5 matches found
CVE-2024-10021
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/managepurchase.php?action=search=VOUCHERNUMBER. The manipulation of the argument text leads to sql injection. The attack...
Code-Projects Pharmacy Management System SQL注入漏洞
Code-Projects Pharmacy Management System is a Code-Projects open source pharmacy management system. Code-Projects Pharmacy Management System version 1.0 has a SQL injection vulnerability that originates from the parameter text in the file /php/managepurchase.php?action=search&tag=VOUCHERNUMBER...
CVE-2023-40625
S4CORE Manage Purchase Contracts App - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and...
CVE-2023-40625
CVE-2023-40625 involves the SAP S4CORE Manage Purchase Contracts App where versions 102–107 do not perform necessary authorization checks for authenticated users, enabling potential privilege escalation. Connected source PT-2023-27547 corroborates the affected versions and notes remediation: upgr...
CVE-2023-40625 Missing Authorization check in SAP Manage Purchase Contracts App
S4CORE Manage Purchase Contracts App - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and...