Lucene search
K
Inventory Management System ProjectInventory Management System

16 matches found

CVE
CVE
added 2023/08/20 10:0 p.m.149 views

CVE-2023-4437

CVE-2023-4437 affects SourceCodester Inventory Management System 1.0. The vulnerable component is the file app/ajax/search_sell_paymen_report.php, where manipulating the argument customer leads to an SQL injection. Exploitation is possible remotely, and public exploits have been disclosed (VDB-23...

9.8CVSS8.3AI score0.00596EPSS
Web
CVE
CVE
added 2023/08/27 6:0 a.m.133 views

CVE-2023-4555

SourceCodester Inventory Management System 1.0 is affected by CVE-2023-4555 via an unsafely handled parameter in suppliar_data.php (name/company), enabling cross-site scripting. The vulnerability can be triggered remotely and has been publicly disclosed. Red Hat and CVE records corroborate the is...

6.1CVSS4.5AI score0.0043EPSS
Web
CVE
CVE
added 2023/02/10 12:0 a.m.126 views

CVE-2023-24232

CVE-2023-24232 corresponds to a stored XSS in Inventory Management System v1, specifically in the /php-inventory-management-system/product.php component. The vulnerability allows an attacker to inject crafted payloads via the Product Name parameter to execute arbitrary web scripts/HTML. Reported ...

4.8CVSS4.9AI score0.0048EPSS
Web
CVE
CVE
added 2023/08/20 10:31 p.m.60 views

CVE-2023-4438

CVE-2023-4438 affects SourceCodester Inventory Management System 1.0. a SQL injection in file app/ajax/search_sales_report.php via the customer parameter. Remote attacker can exploit; exploit has been disclosed publicly. Impact is described as critical in the sources. No patch/version details are...

9.8CVSS8.4AI score0.00596EPSS
Web
CVE
CVE
added 2023/08/27 10:31 p.m.58 views

CVE-2023-4558

CVE-2023-4558 affects SourceCodester Inventory Management System 1.0, where an SQL injection is possible via staff_data.php and the argument columns[0][data]. The vulnerability arises from manipulating that parameter, enabling remote exploitation. Multiple sources (NVD, Red Hat, CVE records) conf...

9.8CVSS8.4AI score0.00649EPSS
CVE
CVE
added 2023/08/06 11:0 a.m.57 views

CVE-2023-4183

The CVE-2023-4183 entry concerns SourceCodester Inventory Management System 1.0, where the file edit_update.php in the Password Handler allows an attacker to manipulate the user_id parameter to bypass access controls. This remote, network-based flaw can impact confidentiality, integrity, and avai...

9.8CVSS7.1AI score0.00431EPSS
CVE
CVE
added 2023/08/06 11:31 a.m.53 views

CVE-2023-4184

CVE-2023-4184 affects SourceCodester Inventory Management System 1.0; the sell_return.php file’s pid parameter is unsafely handled, enabling SQL injection via remote exploitation. Multiple connected sources confirm the vulnerability’s root cause and potential impact. There is no publicly document...

9.8CVSS8.8AI score0.00536EPSS
CVE
CVE
added 2023/08/21 2:0 a.m.51 views

CVE-2023-4449

SourceCodester Free and Open Source Inventory Management System 1.0 contains a SQL injection vulnerability in the /index.php?page=member endpoint. The issue arises from manipulating the columns[0][data] parameter, enabling remote exploitation. Descriptions in multiple sources identify this as a c...

8.8CVSS7.8AI score0.0069EPSS
CVE
CVE
added 2023/08/20 10:0 p.m.50 views

CVE-2023-4436

CVE-2023-4436 affects SourceCodester Inventory Management System 1.0. The vulnerability arises from unsafe handling in the file app/action/edit_update.php where manipulating the user_id parameter leads to SQL injection. It is a network-accessible issue with no required user interaction. Impact pe...

9.8CVSS8.3AI score0.00649EPSS
Web
CVE
CVE
added 2023/08/06 10:0 a.m.49 views

CVE-2023-4182

SourceCodester Inventory Management System 1.0 has a SQL injection vulnerability in edit_sell.php via the up_pid parameter. The issue is described as critical and allows remote exploitation, with no public patch version specified in the provided documents. Some sources advise avoiding the up_pid ...

9.8CVSS8.8AI score0.00536EPSS
CVE
CVE
added 2023/08/27 10:0 p.m.49 views

CVE-2023-4557

CVE-2023-4557 affects SourceCodester Inventory Management System 1.0. The vulnerability is in an unknown function of the file app/ajax/search_purchase_paymen_report.php; manipulating the customer parameter leads to an SQL injection. The issue permits remote exploitation and has been publicly disc...

9.8CVSS8.3AI score0.00535EPSS
Web
CVE
CVE
added 2023/02/10 12:0 a.m.46 views

CVE-2023-24234

CVE-2023-24234 affects Inventory Management System v1, specifically the php-inventory-management-system/brand.php component. The vulnerability is a stored XSS that allows an attacker to inject arbitrary web scripts or HTML via the Brand Name parameter. Reported impact is execution of scripts with...

4.8CVSS4.9AI score0.0048EPSS
Web
CVE
CVE
added 2023/02/10 12:0 a.m.45 views

CVE-2023-24231

CVE-2023-24231 : A stored cross-site scripting (XSS) vulnerability exists in the Inventory Management System v1, specifically in the component at /php-inventory-management-system/categories.php. The issue arises when a crafted payload is injected into the Categories Name parameter, allowing an at...

4.8CVSS4.9AI score0.0048EPSS
Web
CVE
CVE
added 2023/02/10 12:0 a.m.43 views

CVE-2023-24233

CVE-2023-24233 describes a stored XSS in the Inventory Management System v1, specifically in the component /php-inventory-management-system/orders.php?o=add. The vulnerability is triggered via the Client Name parameter, enabling an attacker to inject arbitrary web scripts or HTML. Documented impa...

4.8CVSS4.9AI score0.0048EPSS
Web
CVE
CVE
added 2025/12/15 12:0 a.m.10 views

CVE-2023-36337

CVE-2023-36337 affects PHP Inventory Management System v1. The vulnerability is a reflected XSS in the component /index.php/cuzh4 that allows an attacker to trigger arbitrary web scripts/HTML via a crafted payload. Metrics indicate CVSS v3.1 base score 6.1 (MEDIUM) with network attack vector, low...

6.1CVSS5.3AI score0.00185EPSS
CVE
CVE
added 2025/12/15 12:0 a.m.10 views

CVE-2023-36338

CVE-2023-36338 affects Inventory Management System 1 with a SQL injection flaw caused by insufficient sanitization of user input before SQL queries. The exploitation details are not described in the provided documents, and there is no published fix in the connected sources; monitoring for updates...

5.3CVSS7.9AI score0.00296EPSS