Lucene search
K
Oretnom23Simple Cold Storage Management System

13 matches found

CVE
CVE
added 2022/01/28 2:5 p.m.63 views

CVE-2021-45435

CVE-2021-45435 involves an SQL injection in Sourcecodester Simple Cold Storage Management System (PHP/OOP 1.0) via the username field in login.php. Connected sources consistently describe the vulnerability and root cause as improper input handling in the login.php username parameter, enabling att...

9.8CVSS9.8AI score0.01096EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.63 views

CVE-2022-3582

CVE-2022-3582 affects SourceCodester Simple Cold Storage Management System 1.0. The vulnerability arises from manipulating the “change password” parameter, enabling cross-site request forgery (CSRF). Reportedly exploitable remotely; exploits have been disclosed (VDB-211189). Multiple feeds (NVD, ...

4.3CVSS4.2AI score0.00253EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.59 views

CVE-2022-3585

This CVE-2022-3585 affects SourceCodester Simple Cold Storage Management System 1.0. The vulnerability is a cross-site request forgery arising from an unknown function in the file /csms/?page=contact_us under the Contact Us component. It can be exploited remotely and the exploit has been disclose...

4.3CVSS4.7AI score0.00274EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.59 views

CVE-2022-3587

SourceCodester Simple Cold Storage Management System 1.0 is affected in the My Account component, where manipulating the First Name parameter triggers cross-site scripting. The vulnerability can be exploited remotely; public PoC/exploit appears in references. Affected product details and root cau...

5.4CVSS4.4AI score0.00459EPSS
CVE
CVE
added 2022/10/06 12:0 a.m.59 views

CVE-2022-42249

CVE-2022-42249 affects Simple Cold Storage Management System v1.0. The vulnerability is a SQL injection in the admin endpoint /csms/admin/storages/view_storage.php?id= (likely due to improper sanitization of the id parameter). This is rated high (CVSS 3.1: base score 7.2) with impact on confident...

7.2CVSS7.3AI score0.00854EPSS
Web
CVE
CVE
added 2022/10/06 12:0 a.m.58 views

CVE-2022-42250

CVE-2022-42250 affects Simple Cold Storage Management System v1.0. The vulnerability is an SQL injection in /csms/admin/inquiries/view_details.php?id= due to lack of input validation on the id parameter. Descriptions across multiple sources (CNVD/CNNVD/Red Hat and others) indicate potential expos...

7.2CVSS7.3AI score0.00837EPSS
Web
CVE
CVE
added 2022/10/17 12:0 a.m.57 views

CVE-2022-3549

Summary: CVE-2022-3549 affects SourceCodester Simple Cold Storage Management System 1.0, specifically the Avatar Handler in /csms/admin/?page=user/manage_user (or similar path). The issue is an unrestricted file upload vulnerability within the Avatar Handler component, enabling remote attackers t...

7.2CVSS5.8AI score0.00536EPSS
Web
CVE
CVE
added 2022/10/06 12:0 a.m.55 views

CVE-2022-42242

The CVE-2022-42242 entry concerns Simple Cold Storage Management System v1.0 with an SQL injection in the delete_booking path (/csms/classes/Master.php?f=delete_booking). It affects the database query layer and can lead to data exposure, modification, or arbitrary code execution per the public de...

7.2CVSS7.3AI score0.00854EPSS
Web
CVE
CVE
added 2022/10/06 12:0 a.m.54 views

CVE-2022-42243

CVE-2022-42243 affects Simple Cold Storage Management System v1.0. The vulnerability is an SQL injection in the endpoint /csms/admin/storages/manage_storage.php?id= . Public records from CNVD/CNNVD/Red Hat/CVE feeds describe that a remote attacker can manipulate the database, potentially obtainin...

7.2CVSS7.3AI score0.00854EPSS
Web
CVE
CVE
added 2022/10/06 12:0 a.m.52 views

CVE-2022-42241

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection through the endpoint /csms/classes/Master.php?f=delete_message. The vulnerability is documented across multiple sources (CVE, CNVD, Red Hat, CVE.org/Cvelist) with no product version details beyond v1.0 and no official patch...

7.2CVSS7.3AI score0.00854EPSS
Web
CVE
CVE
added 2022/10/17 12:0 a.m.49 views

CVE-2022-3546

CVE-2022-3546 affects SourceCodester Simple Cold Storage Management System 1.0. A vulnerability exists in the Create User Handler component, specifically the /csms/admin/?page=user/list endpoint, where manipulation of the First Name/Last Name parameters enables cross-site scripting. Attacks can b...

4.8CVSS4.2AI score0.00515EPSS
Web
CVE
CVE
added 2022/10/14 12:0 a.m.48 views

CVE-2022-42232

Simple Cold Storage Management System v1.0 is affected by an SQL Injection vulnerability in /csms/classes/Master.php?f=delete_storage. The CVE entry documents a high-severity impact (Confidentiality, Integrity, Availability all High) with a CVSS v3.1 base score of 7.2. The exploitation status is ...

7.2CVSS7.4AI score0.00854EPSS
Web
CVE
CVE
added 2022/10/17 12:0 a.m.44 views

CVE-2022-3548

The CVE-2022-3548 entry covers SourceCodester Simple Cold Storage Management System 1.0, affecting the Add New Storage Handler where manipulating the Name parameter triggers cross-site scripting. Reports indicate remote initiation and public disclosure of exploits. No explicit product version fix...

4.8CVSS4AI score0.0049EPSS