4 matches found
CVE-2022-27927
CVE-2022-27927 affects Microfinance Management System 1.0 in which SQL injection is possible when MySQL is used as the application database. The vulnerable inputs are the course_code and/or customer_number parameters, through which an attacker can issue arbitrary SQL commands to the backend datab...
CVE-2022-1082
CVE-2022-1082 affects SourceCodester Microfinance Management System 1.0, specifically the login page file /mims/login.php. The vulnerability is a SQL injection caused by manipulation of the username/password input using the payload '||1=1#', which may be exploited remotely. The issue has been des...
CVE-2022-1083
The CVE-2022-1083 entry affects Microfinance Management System and is supported by multiple connected records describing a SQL injection vulnerability. The root cause is lack of validation/escaping for external input in parameters: customer_type_number, account_number, account_status_number, and ...
CVE-2022-1081
The CVE-2022-1081 entry concerns SourceCodester Microfinance Management System 1.0. A cross-site scripting vulnerability exists in /mims/app/addcustomerHandler.php, caused by improper handling of first_name, middle_name, and surname inputs. The issue allows remote initiation of an XSS attack, wit...