2 matches found
CVE-2021-43130
CVE-2021-43130 affects Sourcecodester Customer Relationship Management System (CRM) 1.0. The vulnerability is an SQL injection in the username parameter of the file path customer/login.php, caused by unsanitized input in the login flow. Per NVD, the CVSSv3.1 base score is 9.8 (CRITICAL) with netw...
CVE-2021-37221
CVE-2021-37221 affects Sourcecodester Customer Relationship Management System 1.0. A file-upload flaw in the account update and customer-create paths could let a remote attacker upload an arbitrary PHP file, enabling code execution on the server. Public references include an exploit in Exploit-DB...