Lucene search
K

122 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:37 p.m.8 views

CVE-2022-2746

A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin add.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-206014 is the identifier assigne...

9.8CVSS7.2AI score0.00463EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:0 a.m.7 views

CVE-2019-8291

Online Store System v1.0 deletefile.php doesn't check to see if a user has administrative rights nor does it check for path traversal...

7.5CVSS7AI score0.01407EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 a.m.8 views

CVE-2019-8292

Online Store System v1.0 deleteproduct.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion...

5.3CVSS7.1AI score0.01886EPSS
Exploits1References1
OSV
OSV
added 2025/05/09 8:15 a.m.3 views

CVE-2025-4472

A vulnerability was found in code-projects Departmental Store Management System 1.0. It has been classified as critical. Affected is the function bill. The manipulation of the argument Item Code leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The explo...

7.8CVSS5.8AI score0.00407EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/08/17 12:0 a.m.7 views

PT-2024-38669 · Unknown · Tosei Online Store Management System

Name of the Vulnerable Software and Affected Versions: Tosei Online Store Management System versions 4.02 through 4.04 Description: A critical vulnerability was found in the Backend component of the system, allowing for the use of default credentials. The attack can be initiated remotely. The...

9.8CVSS7.3AI score0.00553EPSS
Exploits0References9
NVD
NVD
added 2024/07/21 11:15 a.m.25 views

CVE-2024-6951

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0. This affects an unknown part of the file admindelete.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to initiate the attack remotely. The explo...

9.8CVSS0.00544EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/07/21 11:0 a.m.15 views

CVE-2024-6951 SourceCodester Simple Online Book Store System admin_delete.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0. This affects an unknown part of the file admindelete.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to initiate the attack remotely. The explo...

6.5CVSS7.6AI score0.00544EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/07/21 11:0 a.m.33 views

CVE-2024-6951 SourceCodester Simple Online Book Store System admin_delete.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0. This affects an unknown part of the file admindelete.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to initiate the attack remotely. The explo...

6.5CVSS0.00544EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/07/21 12:0 a.m.8 views

PT-2024-37990 · Sourcecodester · Sourcecodester Simple Online Book Store System

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Online Book Store System version 1.0 Description: A critical issue was found in the system, affecting an unknown part of the file admin delete.php. The manipulation of the bookisbn argument leads to SQL injection. It is...

9.8CVSS8.5AI score0.00544EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2024/03/01 10:15 p.m.5 views

CVE-2023-49540

Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the history parameter...

6.1CVSS6AI score0.00577EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2024/03/01 10:15 p.m.3 views

CVE-2023-49543

Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating...

9.8CVSS5.8AI score0.00963EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/03/01 12:0 a.m.3 views

Book Store Management System Security Vulnerability

Book Store Management System is an online bookstore system by Carlo Montero, an individual developer. A security vulnerability exists in Book Store Management System v1.0, which originates from a cross-site scripting vulnerability in the /bsmsci/index.php/history file...

6.1CVSS6.1AI score0.00577EPSS
Exploits1References5
NVD
NVD
added 2023/07/28 7:15 a.m.22 views

CVE-2023-3989

A vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addcustomer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the identifi...

6.1CVSS4.4AI score0.00556EPSS
Exploits1References3
Prion
Prion
added 2023/07/28 7:15 a.m.16 views

Cross site scripting

A vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addcustomer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the identifi...

4CVSS6AI score0.00556EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/28 6:31 a.m.18 views

CVE-2023-3989 SourceCodester Jewelry Store System add_customer.php cross site scripting

A vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addcustomer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the identifi...

4CVSS6AI score0.00556EPSS
Exploits1References3
CVE
CVE
added 2023/07/28 6:31 a.m.58 views

CVE-2023-3989

CVE-2023-3989 affects SourceCodester Jewelry Store System 1.0, specifically the add_customer.php functionality. Multiple sources describe a cross-site scripting (XSS) flaw in an unknown function of that file, with remote exploitation possible. Documented impact indicates only user interaction is ...

6.1CVSS4.4AI score0.00556EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2023/04/24 12:0 a.m.11 views

Microweber Information Disclosure Vulnerability (CNVD-2023-32768)

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images and more. A security vulnerability exists in Microweber versions prior to 1.3.4, which stems from...

8.8CVSS6.7AI score0.00706EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/04/13 12:0 a.m.5 views

Microweber 跨站脚本漏洞

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber versions prior to 1.3.3 that...

5.3CVSS4.7AI score0.00484EPSS
Exploits1References3
OSV
OSV
added 2023/01/20 7:15 p.m.4 views

CVE-2023-23024

Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the writer parameter...

6.1CVSS6.5AI score0.00423EPSS
Exploits1References1
OSV
OSV
added 2022/12/02 3:15 p.m.3 views

CVE-2022-45215

A cross-site scripting XSS vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module...

5.4CVSS5.9AI score0.00377EPSS
Exploits0References2
Rows per page
Query Builder