Lucene search
K
Oretnom23Service Provider Management System

15 matches found

CVE
CVE
added 2023/06/06 11:0 a.m.149 views

CVE-2023-3120

CVE-2023-3120 affects SourceCodester Service Provider Management System 1.0. The vulnerability is a SQL injection in the view_service.php module, triggered by manipulating the id parameter. It is exploitable remotely and has been disclosed publicly. The issue is tied to multiple vendor records co...

7.2CVSS6.9AI score0.00694EPSS
CVE
CVE
added 2023/06/06 10:31 a.m.137 views

CVE-2023-3119

CVE-2023-3119 affects the SourceCodester Service Provider Management System 1.0. According to the provided records, the vulnerability resides in the file view.php , where manipulation of the id argument leads to an SQL injection. The issue can be exploited remotely, and the exploit has been discl...

8.8CVSS7.7AI score0.00734EPSS
CVE
CVE
added 2023/04/27 3:0 p.m.64 views

CVE-2023-2348

CVE-2023-2348 affects SourceCodester Service Provider Management System 1.0. The flaw is a SQL injection in /admin/user/manage_user.php triggered by manipulating the id parameter, allowing remote exploitation. Multiple sources label the issue critical and publicly disclosed (VDB-227591). Evidence...

9.8CVSS8.3AI score0.0082EPSS
Web
CVE
CVE
added 2023/04/27 2:31 p.m.60 views

CVE-2023-2346

CVE-2023-2346 affects SourceCodester Service Provider Management System 1.0. The vulnerability is a SQL injection in the file /admin/inquiries/view_inquiry.php via the id parameter, potentially exploitable remotely. Multiple sources confirm the issue and its public disclosure. There is no publish...

9.8CVSS8.2AI score0.0082EPSS
Web
CVE
CVE
added 2023/04/27 2:0 p.m.59 views

CVE-2023-2345

CVE-2023-2345 pertains to SourceCodester Service Provider Management System 1.0. Affected component: /classes/Master.php?f=delete_inquiry, where the issue enables improper authorization and can be exploited remotely. Multiple connected sources consistently describe a critical risk tied to this de...

9.8CVSS7.9AI score0.00511EPSS
Web
CVE
CVE
added 2024/06/23 6:0 a.m.58 views

CVE-2024-6267

CVE-2024-6267 affects SourceCodester Service Provider Management System 1.0. The vulnerability is in the System Info Page (system_info/index.php) and arises from improper handling of the System Name/System Short Name, enabling cross-site scripting. The issue is exploitable remotely and the exploi...

5.1CVSS3.9AI score0.00452EPSS
Web
CVE
CVE
added 2023/09/25 12:0 a.m.54 views

CVE-2023-43456

CVE-2023-43456 concerns a cross-site scripting vulnerability in Service Provider Management System v1.0. The flaw is triggered through the firstname, middlename, and lastname parameters in the /php-spms/admin/?page=user endpoint and is reported across multiple sources, including NVD and Red Hat a...

5.4CVSS5.8AI score0.0069EPSS
Web
CVE
CVE
added 2023/04/27 2:0 p.m.53 views

CVE-2023-2344

The CVE-2023-2344 entry concerns SourceCodester Service Provider Management System 1.0. A SQL injection vulnerability exists in the HTTP POST endpoint at /classes/Master.php?f=save_service caused by manipulation of the name parameter in the request. The issue is exploitable remotely and the explo...

9.8CVSS8.3AI score0.00834EPSS
CVE
CVE
added 2023/06/12 12:0 a.m.52 views

CVE-2023-34581

The CVE-2023-34581 issue affects Sourcecodester Service Provider Management System v1.0 and is triggered by an SQL Injection in the parameter id of the endpoint "/php-spms/?page=services/view&id=2". Public sources describe an exploitable vulnerability with high impact (NVD CVSS v3.1 base score 9....

9.8CVSS9.7AI score0.03282EPSS
Web
CVE
CVE
added 2023/04/27 3:0 p.m.49 views

CVE-2023-2349

CVE-2023-2349 affects SourceCodester Service Provider Management System 1.0. The vulnerability is a cross-site scripting issue in an unknown function of /admin/index.php, triggered by manipulating the page parameter. It can be exploited remotely and has been publicly disclosed per multiple source...

5.4CVSS4.3AI score0.00564EPSS
Web
CVE
CVE
added 2023/09/25 12:0 a.m.49 views

CVE-2023-43457

Service Provider Management System v1.0 is affected by a vulnerability in the /php-spms/admin/?page=user/ endpoint where an attacker can exploit an ID parameter to gain privileges. The issue, described across multiple sources, enables remote privilege escalation and is labeled as CRITICAL with CV...

9.8CVSS9.4AI score0.00983EPSS
Web
CVE
CVE
added 2023/04/27 3:31 p.m.47 views

CVE-2023-2350

CVE-2023-2350 affects SourceCodester Service Provider Management System 1.0, specifically the /classes/Users.php file. The vulnerability arises from manipulation of the id argument, enabling cross-site scripting (XSS). Exploitation is possible remotely, and the exploit has been publicly disclosed...

5.4CVSS4.5AI score0.00564EPSS
Web
CVE
CVE
added 2023/05/17 5:31 p.m.47 views

CVE-2023-2769

CVE-2023-2769 affects SourceCodester Service Provider Management System 1.0. The vulnerability is in the file /classes/Master.php?f=delete_service, where the id parameter is unsafely handled, resulting in SQL injection . It can be exploited remotely and public exploitation details have been discl...

8.8CVSS7.8AI score0.00734EPSS
Web
CVE
CVE
added 2023/07/12 6:0 p.m.40 views

CVE-2023-3644

CVE-2023-3644 affects SourceCodester Service Provider Management System 1.0. The vulnerability is a SQL injection in /classes/Master.php?f=save_inquiry caused by manipulation of the id parameter, exploitable remotely. CVSS details in the primary record show high impact (C/H, I/H, A/H) with networ...

9.8CVSS8.2AI score0.00418EPSS
Web
CVE
CVE
added 2023/04/27 2:31 p.m.38 views

CVE-2023-2347

CVE-2023-2347 affects SourceCodester Service Provider Management System 1.0. The vulnerability resides in the file /admin/services/manage_service.php; manipulating the id parameter enables SQL injection and can be triggered remotely. Multiple sources (NVD, Red Hat, CNVD, etc.) report this as a cr...

9.8CVSS7.4AI score0.0082EPSS
Web