13 matches found
CVE-2021-45435
CVE-2021-45435 involves an SQL injection in Sourcecodester Simple Cold Storage Management System (PHP/OOP 1.0) via the username field in login.php. Connected sources consistently describe the vulnerability and root cause as improper input handling in the login.php username parameter, enabling att...
CVE-2022-3582
CVE-2022-3582 affects SourceCodester Simple Cold Storage Management System 1.0. The vulnerability arises from manipulating the “change password” parameter, enabling cross-site request forgery (CSRF). Reportedly exploitable remotely; exploits have been disclosed (VDB-211189). Multiple feeds (NVD, ...
CVE-2022-3585
This CVE-2022-3585 affects SourceCodester Simple Cold Storage Management System 1.0. The vulnerability is a cross-site request forgery arising from an unknown function in the file /csms/?page=contact_us under the Contact Us component. It can be exploited remotely and the exploit has been disclose...
CVE-2022-3587
SourceCodester Simple Cold Storage Management System 1.0 is affected in the My Account component, where manipulating the First Name parameter triggers cross-site scripting. The vulnerability can be exploited remotely; public PoC/exploit appears in references. Affected product details and root cau...
CVE-2022-42249
CVE-2022-42249 affects Simple Cold Storage Management System v1.0. The vulnerability is a SQL injection in the admin endpoint /csms/admin/storages/view_storage.php?id= (likely due to improper sanitization of the id parameter). This is rated high (CVSS 3.1: base score 7.2) with impact on confident...
CVE-2022-42250
CVE-2022-42250 affects Simple Cold Storage Management System v1.0. The vulnerability is an SQL injection in /csms/admin/inquiries/view_details.php?id= due to lack of input validation on the id parameter. Descriptions across multiple sources (CNVD/CNNVD/Red Hat and others) indicate potential expos...
CVE-2022-3549
Summary: CVE-2022-3549 affects SourceCodester Simple Cold Storage Management System 1.0, specifically the Avatar Handler in /csms/admin/?page=user/manage_user (or similar path). The issue is an unrestricted file upload vulnerability within the Avatar Handler component, enabling remote attackers t...
CVE-2022-42242
The CVE-2022-42242 entry concerns Simple Cold Storage Management System v1.0 with an SQL injection in the delete_booking path (/csms/classes/Master.php?f=delete_booking). It affects the database query layer and can lead to data exposure, modification, or arbitrary code execution per the public de...
CVE-2022-42243
CVE-2022-42243 affects Simple Cold Storage Management System v1.0. The vulnerability is an SQL injection in the endpoint /csms/admin/storages/manage_storage.php?id= . Public records from CNVD/CNNVD/Red Hat/CVE feeds describe that a remote attacker can manipulate the database, potentially obtainin...
CVE-2022-42241
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection through the endpoint /csms/classes/Master.php?f=delete_message. The vulnerability is documented across multiple sources (CVE, CNVD, Red Hat, CVE.org/Cvelist) with no product version details beyond v1.0 and no official patch...
CVE-2022-3546
CVE-2022-3546 affects SourceCodester Simple Cold Storage Management System 1.0. A vulnerability exists in the Create User Handler component, specifically the /csms/admin/?page=user/list endpoint, where manipulation of the First Name/Last Name parameters enables cross-site scripting. Attacks can b...
CVE-2022-42232
Simple Cold Storage Management System v1.0 is affected by an SQL Injection vulnerability in /csms/classes/Master.php?f=delete_storage. The CVE entry documents a high-severity impact (Confidentiality, Integrity, Availability all High) with a CVSS v3.1 base score of 7.2. The exploitation status is ...
CVE-2022-3548
The CVE-2022-3548 entry covers SourceCodester Simple Cold Storage Management System 1.0, affecting the Add New Storage Handler where manipulating the Name parameter triggers cross-site scripting. Reports indicate remote initiation and public disclosure of exploits. No explicit product version fix...