4 matches found
CVE-2022-36754
Expense Management System v1.0 is vulnerable to SQL injection via the id parameter in /Home/debit_credit_p. The issue is caused by lack of input validation, allowing potentially unauthorized SQL statements. The NVD entry lists CVSS v3.1: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H with base score 7.2 ( H...
CVE-2021-41434
CVE-2021-41434 affects Expense Management System version 1.0 and is a stored XSS vulnerability that allows arbitrary JavaScript execution through index.php. The Red Hat/NVD entries confirm a stored XSS issue with the same vector, impacting the application as described; no exploit details are prov...
CVE-2023-44824
CVE-2023-44824 relates to the Expense Management System v1.0, where a vulnerability in the sign-up.php component allows a local attacker to upload a crafted file that leads to arbitrary code execution. The issue is documented across multiple feeds (NVD/Red Hat/CVE records), consistently describin...
CVE-2024-1031
CVE-2024-1031 affects CodeAstro Expense Management System 1.0. Multiple connected sources identify a cross-site scripting vulnerability in the Add Expenses Page, specifically in templates/5-Add-Expenses.php where the user-supplied parameter item is manipulated to inject scripts. The issue appears...