6 matches found
CVE-2023-46581
CVE-2023-46581: Inventory Management v1.0 contains a SQL injection in registration.php via the name, uname and email parameters, enabling a local attacker to execute arbitrary code. Root cause is unsanitized inputs. Exploitation status and official remediation are not detailed in the provided do...
CVE-2023-46580
CVE-2023-46580 describes a cross-site scripting (XSS) vulnerability in Inventory Management V1.0 where the pname parameter of the editProduct.php component can be exploited to run arbitrary script in the victim’s browser. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) indicates a netwo...
CVE-2023-46582
The CVE-2023-46582 entry describes a SQL injection in Inventory Management v.1.0, exploitable by a local attacker through the id parameter in deleteProduct.php. The vulnerability affects the Inventory Management component (deleteProduct.php) and stems from improper handling of the id input, allow...
CVE-2024-11250
The CVE-2024-11250 entry concerns code-projects Inventory Management up to version 1.0. The vulnerability is a SQL injection in the /model/editProduct.php file, triggered by manipulating the id parameter. Exploitation is described as remote, with public disclosures cited. The impact is high for c...
CVE-2024-8605
CVE-2024-8605 affects code-projects Inventory Management 1.0, specifically the Registration Form component in the /view/registration.php file. The issue is a cross-site scripting flaw triggered by manipulating input such as , with remote initiation and public disclosure of exploits. Multiple conn...
CVE-2024-8710
CVE-2024-8710 affects code-projects Inventory Management 1.0. The vulnerability is a SQL injection in the file /model/viewProduct.php, via the id parameter, which can be exploited remotely. Multiple sources confirm this is a critical issue with high impact on confidentiality, integrity, and avail...