15 matches found
CVE-2023-24204
CVE-2023-24204 concerns the SourceCodester Simple Customer Relationship Management System v1.0. Public records describe an SQL injection vulnerability in get-quote.php (via the name parameter) that can allow arbitrary SQL execution, and related discussions extend the issue to login.php, suggestin...
CVE-2023-24203
CVE-2023-24203 (XSS) affects SourceCodester Simple Customer Relationship Management System v1.0, specifically the get-quote.php handling of company and query parameters. The root cause is inadequate sanitization/encoding of user input, allowing stored XSS that can execute arbitrary JavaScript in ...
CVE-2023-24364
CVE-2023-24364 affects Simple Customer Relationship Management System v1.0. The vulnerability is a SQL injection via the username parameter in the Admin Panel. The CVE is rated high (CVSS v3.1 base score 8.8; AV: Network; AC: Low; PR: Low; UI: None; C/I/A: High). The connected sources consistent...
CVE-2023-24656
CVE-2023-24656 affects Simple Customer Relationship Management System v1.0. The vulnerability is a SQL injection via the subject parameter in the Create Ticket function, caused by unsanitized input. CVSS v3.1 base score 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, LOW privileges,...
CVE-2023-24730
CVE-2023-24730 affects Simple Customer Relationship Management System v1.0. The issue is a SQL injection in the user profile update function via the company parameter, enabling potentially full data compromise (CVSS v3.1 base score 8.8: Confidentiality, Integrity, Availability all High). Connecte...
CVE-2023-24732
The CVE-2023-24732 entry concerns Simple Customer Relationship Management System v1.0. The vulnerability is a SQL injection in the gender parameter used by the user profile update function, exposed in multiple connected sources. According to the NVD entry, the issue can impact confidentiality, in...
CVE-2023-24729
CVE-2023-24729 affects Simple Customer Relationship Management System v1.0. The SQL injection vulnerability occurs in the address parameter of the user profile update function. The issue is confirmed across multiple sources; CVSS v3.1 base score 8.8 (HIGH) with network attack vector, low attack c...
CVE-2023-24654
Affected product: Simple Customer Relationship Management System v1.0. Vulnerability: SQL injection in the name parameter of the Request a Quote function. Root cause: improper handling of user input enabling SQL injection (no further technical specifics provided). Impact: CVSS v3.1 base score 8.8...
CVE-2023-24652
CVE-2023-24652 affects Simple Customer Relationship Management System v1.0. The issue is a SQL injection vulnerability in the Description parameter of the Create ticket function, potentially allowing unauthorized data access/modification. According to the cited metrics, impact is High (C, I, A = ...
CVE-2023-24651
CVE-2023-24651 affects Simple Customer Relationship Management System v1.0. The registration page exposes a SQL injection in the name parameter, arising from improper handling of user input. Documented impact per CVSSv3.1 shows Network access with Low Confidentiality/Integrity impact and no Avail...
CVE-2023-24653
Affected product: Simple Customer Relationship Management System v1.0. Vulnerability: SQL injection in the Change Password function via the oldpass parameter. Root cause / vector: described as a SQL injection stemming from handling of the oldpass input. Impact: CVSS v3...
CVE-2023-0917
The CVE-2023-0917 entry concerns SourceCodester Simple Customer Relationship Management System 1.0. The vulnerability affects the login.php component, where manipulation of the Password parameter enables SQL injection. It is exploitable remotely, and multiple sources note the exploit has been dis...
CVE-2023-24731
CVE-2023-24731 applies to Simple Customer Relationship Management System v1.0. The vulnerability is a SQL injection via a query parameter in the user profile update function. Documented CVSS v3.1 base score is 8.8 (High) with high impact to confidentiality, integrity, and availability. No patch/v...
CVE-2023-24655
CVE-2023-24655 affects Simple Customer Relationship Management System v1.0. A SQL injection flaw exists in the Profile Update function via the name parameter, enabling potentially arbitrary SQL execution. The CVSS 3.1 vector indicates a network attack with no user interaction and requires no priv...
CVE-2023-24728
CVE-2023-24728 affects Simple Customer Relationship Management System v1.0. The vulnerability is a SQL injection in the user profile update function exposed via the contact parameter. Root cause is improper handling of input in the update path, enabling arbitrary SQL execution with high impact (c...