15 matches found
CVE-2023-3120
CVE-2023-3120 affects SourceCodester Service Provider Management System 1.0. The vulnerability is a SQL injection in the view_service.php module, triggered by manipulating the id parameter. It is exploitable remotely and has been disclosed publicly. The issue is tied to multiple vendor records co...
CVE-2023-3119
CVE-2023-3119 affects the SourceCodester Service Provider Management System 1.0. According to the provided records, the vulnerability resides in the file view.php , where manipulation of the id argument leads to an SQL injection. The issue can be exploited remotely, and the exploit has been discl...
CVE-2023-2348
CVE-2023-2348 affects SourceCodester Service Provider Management System 1.0. The flaw is a SQL injection in /admin/user/manage_user.php triggered by manipulating the id parameter, allowing remote exploitation. Multiple sources label the issue critical and publicly disclosed (VDB-227591). Evidence...
CVE-2023-2346
CVE-2023-2346 affects SourceCodester Service Provider Management System 1.0. The vulnerability is a SQL injection in the file /admin/inquiries/view_inquiry.php via the id parameter, potentially exploitable remotely. Multiple sources confirm the issue and its public disclosure. There is no publish...
CVE-2023-2345
CVE-2023-2345 pertains to SourceCodester Service Provider Management System 1.0. Affected component: /classes/Master.php?f=delete_inquiry, where the issue enables improper authorization and can be exploited remotely. Multiple connected sources consistently describe a critical risk tied to this de...
CVE-2024-6267
CVE-2024-6267 affects SourceCodester Service Provider Management System 1.0. The vulnerability is in the System Info Page (system_info/index.php) and arises from improper handling of the System Name/System Short Name, enabling cross-site scripting. The issue is exploitable remotely and the exploi...
CVE-2023-43456
CVE-2023-43456 concerns a cross-site scripting vulnerability in Service Provider Management System v1.0. The flaw is triggered through the firstname, middlename, and lastname parameters in the /php-spms/admin/?page=user endpoint and is reported across multiple sources, including NVD and Red Hat a...
CVE-2023-2344
The CVE-2023-2344 entry concerns SourceCodester Service Provider Management System 1.0. A SQL injection vulnerability exists in the HTTP POST endpoint at /classes/Master.php?f=save_service caused by manipulation of the name parameter in the request. The issue is exploitable remotely and the explo...
CVE-2023-34581
The CVE-2023-34581 issue affects Sourcecodester Service Provider Management System v1.0 and is triggered by an SQL Injection in the parameter id of the endpoint "/php-spms/?page=services/view&id=2". Public sources describe an exploitable vulnerability with high impact (NVD CVSS v3.1 base score 9....
CVE-2023-2349
CVE-2023-2349 affects SourceCodester Service Provider Management System 1.0. The vulnerability is a cross-site scripting issue in an unknown function of /admin/index.php, triggered by manipulating the page parameter. It can be exploited remotely and has been publicly disclosed per multiple source...
CVE-2023-43457
Service Provider Management System v1.0 is affected by a vulnerability in the /php-spms/admin/?page=user/ endpoint where an attacker can exploit an ID parameter to gain privileges. The issue, described across multiple sources, enables remote privilege escalation and is labeled as CRITICAL with CV...
CVE-2023-2350
CVE-2023-2350 affects SourceCodester Service Provider Management System 1.0, specifically the /classes/Users.php file. The vulnerability arises from manipulation of the id argument, enabling cross-site scripting (XSS). Exploitation is possible remotely, and the exploit has been publicly disclosed...
CVE-2023-2769
CVE-2023-2769 affects SourceCodester Service Provider Management System 1.0. The vulnerability is in the file /classes/Master.php?f=delete_service, where the id parameter is unsafely handled, resulting in SQL injection . It can be exploited remotely and public exploitation details have been discl...
CVE-2023-3644
CVE-2023-3644 affects SourceCodester Service Provider Management System 1.0. The vulnerability is a SQL injection in /classes/Master.php?f=save_inquiry caused by manipulation of the id parameter, exploitable remotely. CVSS details in the primary record show high impact (C/H, I/H, A/H) with networ...
CVE-2023-2347
CVE-2023-2347 affects SourceCodester Service Provider Management System 1.0. The vulnerability resides in the file /admin/services/manage_service.php; manipulating the id parameter enables SQL injection and can be triggered remotely. Multiple sources (NVD, Red Hat, CNVD, etc.) report this as a cr...