5 matches found
CVE-2021-43140
SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login...
CVE-2021-43141
Cross Site Scripting XSS vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in planapplication...
CVE-2021-43141
Cross Site Scripting XSS vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in planapplication...
CVE-2021-43141
CVE-2021-43141 affects Sourcecodester Simple Subscription Website 1.0. The vulnerability is a Cross Site Scripting (XSS) flaw exploitable via the id parameter in plan_application (and, per some sources, also via users_application). Root cause is improper handling/validation of user input in the a...
CVE-2021-43140
Sourcecodester Simple Subscription Website 1.0 is affected by a SQL Injection in the login/authentication flow. The vulnerability arises in the login endpoint (e.g., plan_application/Actions.php?a=login) and can be exploited with input like admin' or 1=1-- to bypass authentication and potentially...