6 matches found
CVE-2023-4201
CVE-2023-4201 affects SourceCodester Inventory Management System 1.0. The vulnerability is a SQL injection in the file ex_catagory_data.php, caused by manipulation of the argument columns[1][data]. It can be exploited remotely and exploitation has been disclosed publicly. Multiple sources flag th...
CVE-2023-4199
CVE-2023-4199 affects SourceCodester Inventory Management System 1.0. The vulnerability exists in catagory_data.php and is triggered by manipulating the columns[1][data] parameter, causing an SQL injection. It is exploitable remotely and the exploit has been disclosed publicly (VDB-236289). Publi...
CVE-2023-46450
CVE-2023-46450 affects Sourcecodester Free and Open Source inventory management system 1.0. the vulnerability is a Cross-Site Scripting (XSS) flaw in the Add supplier function. exploitation is described as authenticated stored XSS with remote attack potential; impact is limited to the user sessio...
CVE-2023-46449
CVE-2023-46449 affects Sourcecodester Free and Open Source Inventory Management System v1.0. The vulnerability is an Incorrect Access Control (IDOR) in the password-change function that allows an arbitrary user to change another user’s password and take over an account. Reported exploitation deta...
CVE-2023-4200
CVE-2023-4200 affects SourceCodester Inventory Management System v1.0, specifically the product_data.php file. The vulnerability is a SQL injection in the columns[1][data] parameter that can be exploited remotely; exploit has been disclosed publicly. The issue arises from unsanitized input leadin...
CVE-2023-4749
CVE-2023-4749 affects SourceCodester Inventory Management System 1.0 (index.php). The vulnerability arises from manipulating the optional page argument to the file index.php, enabling file inclusion and remote access. Multiple sources corroborate a critical severity, with CVSS-derived scores indi...