CVE-2024-10166

CVE-2024-10166 affects Codezips Sales Management System 1.0, where the vulnerability lies in the checkuser.php parameter name, enabling SQL injection via remote attack. Multiple sources classify impact as critical/high and describe exploitation and public disclosure. Connected documents confirm t...

CVE-2024-10370

This CVE refers to Codezips Sales Management System 1.0. The vulnerability is an SQL injection in the /addcustind.php file caused by unsafely handling the refno parameter, which can be exploited remotely. Multiple connected sources confirm the issue and describe it as critical, with exploit infor...

CVE-2024-10165

CVE-2024-10165 affects Codezips Sales Management System 1.0. The vulnerability resides in deletecustcom.php where manipulating the parameter id enables SQL injection. Impact is described as potentially high confidentiality, integrity, and availability effects, with remote exploitation and public ...

CVE-2024-10369

CVE-2024-10369 affects Codezips Sales Management System 1.0. The vulnerability is a SQL injection in the /addcustcom.php file, triggered by manipulating the refno parameter. It is exploitable remotely and impacts confidentiality, integrity, and availability. Multiple sources confirm the issue and...

CVE-2024-10368

CVE-2024-10368 affects Codezips Sales Management System 1.0, with a SQL injection through the prodtype parameter in an unknown function of /addstock.php. The vulnerability can be exploited remotely and has been publicly disclosed. Multiple connected sources confirm the issue and indicate high ris...

CVE-2024-10167

CVE-2024-10167 affects Codezips Sales Management System 1.0, specifically the file deletecustind.php where the parameter id can be manipulated to cause SQL injection. The vulnerability enables remote exploitation and was disclosed publicly. Root cause stated: unsafely handling the id parameter le...