8 matches found
CVE-2022-4855
CVE-2022-4855 affects SourceCodester Lead Management System 1.0. The login.php username parameter is vulnerable to SQL injection, enabling remote exploitation. Multiple sources confirm the issue is due to lack of input validation in login.php, with public disclosure of the exploit. Impact is desc...
CVE-2022-47859
Lead Management System v1.0 is affected by a SQL Injection in the user_id parameter of changePassword.php. The CVE description and multiple connected records consistently identify the root cause as unsanitized and unvalidated input in changePassword.php, enabling arbitrary SQL execution with high impac...
CVE-2022-47865
CVE-2022-47865 affects Lead Management System v1.0, with a SQL Injection flaw in the removeOrder.php endpoint via the id parameter. Reported CVSS v3.1 base score 9.8 (CRITICAL; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Exploitation and impact details are consistent across multiple sources in the conn...
CVE-2022-47861
CVE-2022-47861 affects Lead Management System v1.0 due to an SQL Injection in the removeLead.php endpoint, exploitable via the id parameter. The root cause is lack of input validation for the id used in a database query, leading to potential unauthorized data access or modification. Documents con...
CVE-2022-47864
CVE-2022-47864 affects Lead Management System v1.0 and is described as vulnerable to SQL injection via the id parameter in removeCategories.php. The underlying issue is inadequate input handling that allows an attacker to manipulate SQL queries, enabling potential unauthorized data access or modi...
CVE-2022-47866
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php. Root cause: lack of input validation in constructing SQL statements. Impact per sources: high-severity (CRITICAL) with potential impact on confidentiality, integrity, and availability. No official ...
CVE-2022-47860
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php. Root cause: lack of input validation. Impact: potential access to or theft of database data; high severity (CVSS 3.1 base 9.8; Network attack, no auth, no user interaction). Exploitation details are...
CVE-2022-47862
The CVE-2022-47862 entry concerns Lead Management System v1.0, where the customer_id parameter in ajax_represent.php is vulnerable to SQL Injection. The provided documents consistently identify SQL Injection as the issue source without detailing exploits in the wild. CVSS metrics indicate a Criti...