16 matches found
CVE-2023-4437
CVE-2023-4437 affects SourceCodester Inventory Management System 1.0. The vulnerable component is the file app/ajax/search_sell_paymen_report.php, where manipulating the argument customer leads to an SQL injection. Exploitation is possible remotely, and public exploits have been disclosed (VDB-23...
CVE-2023-4555
SourceCodester Inventory Management System 1.0 is affected by CVE-2023-4555 via an unsafely handled parameter in suppliar_data.php (name/company), enabling cross-site scripting. The vulnerability can be triggered remotely and has been publicly disclosed. Red Hat and CVE records corroborate the is...
CVE-2023-24232
CVE-2023-24232 corresponds to a stored XSS in Inventory Management System v1, specifically in the /php-inventory-management-system/product.php component. The vulnerability allows an attacker to inject crafted payloads via the Product Name parameter to execute arbitrary web scripts/HTML. Reported ...
CVE-2023-4438
CVE-2023-4438 affects SourceCodester Inventory Management System 1.0. a SQL injection in file app/ajax/search_sales_report.php via the customer parameter. Remote attacker can exploit; exploit has been disclosed publicly. Impact is described as critical in the sources. No patch/version details are...
CVE-2023-4558
CVE-2023-4558 affects SourceCodester Inventory Management System 1.0, where an SQL injection is possible via staff_data.php and the argument columns[0][data]. The vulnerability arises from manipulating that parameter, enabling remote exploitation. Multiple sources (NVD, Red Hat, CVE records) conf...
CVE-2023-4183
The CVE-2023-4183 entry concerns SourceCodester Inventory Management System 1.0, where the file edit_update.php in the Password Handler allows an attacker to manipulate the user_id parameter to bypass access controls. This remote, network-based flaw can impact confidentiality, integrity, and avai...
CVE-2023-4184
CVE-2023-4184 affects SourceCodester Inventory Management System 1.0; the sell_return.php file’s pid parameter is unsafely handled, enabling SQL injection via remote exploitation. Multiple connected sources confirm the vulnerability’s root cause and potential impact. There is no publicly document...
CVE-2023-4449
SourceCodester Free and Open Source Inventory Management System 1.0 contains a SQL injection vulnerability in the /index.php?page=member endpoint. The issue arises from manipulating the columns[0][data] parameter, enabling remote exploitation. Descriptions in multiple sources identify this as a c...
CVE-2023-4436
CVE-2023-4436 affects SourceCodester Inventory Management System 1.0. The vulnerability arises from unsafe handling in the file app/action/edit_update.php where manipulating the user_id parameter leads to SQL injection. It is a network-accessible issue with no required user interaction. Impact pe...
CVE-2023-4182
SourceCodester Inventory Management System 1.0 has a SQL injection vulnerability in edit_sell.php via the up_pid parameter. The issue is described as critical and allows remote exploitation, with no public patch version specified in the provided documents. Some sources advise avoiding the up_pid ...
CVE-2023-4557
CVE-2023-4557 affects SourceCodester Inventory Management System 1.0. The vulnerability is in an unknown function of the file app/ajax/search_purchase_paymen_report.php; manipulating the customer parameter leads to an SQL injection. The issue permits remote exploitation and has been publicly disc...
CVE-2023-24234
CVE-2023-24234 affects Inventory Management System v1, specifically the php-inventory-management-system/brand.php component. The vulnerability is a stored XSS that allows an attacker to inject arbitrary web scripts or HTML via the Brand Name parameter. Reported impact is execution of scripts with...
CVE-2023-24231
CVE-2023-24231 : A stored cross-site scripting (XSS) vulnerability exists in the Inventory Management System v1, specifically in the component at /php-inventory-management-system/categories.php. The issue arises when a crafted payload is injected into the Categories Name parameter, allowing an at...
CVE-2023-24233
CVE-2023-24233 describes a stored XSS in the Inventory Management System v1, specifically in the component /php-inventory-management-system/orders.php?o=add. The vulnerability is triggered via the Client Name parameter, enabling an attacker to inject arbitrary web scripts or HTML. Documented impa...
CVE-2023-36337
CVE-2023-36337 affects PHP Inventory Management System v1. The vulnerability is a reflected XSS in the component /index.php/cuzh4 that allows an attacker to trigger arbitrary web scripts/HTML via a crafted payload. Metrics indicate CVSS v3.1 base score 6.1 (MEDIUM) with network attack vector, low...
CVE-2023-36338
CVE-2023-36338 affects Inventory Management System 1 with a SQL injection flaw caused by insufficient sanitization of user input before SQL queries. The exploitation details are not described in the provided documents, and there is no published fix in the connected sources; monitoring for updates...