Oretnom23 Simple Customer Relationship Management System

15 matches found

CVE | added 2024/05/14 4:22 p.m. | 79 views

CVE-2023-24204

CVE-2023-24204 concerns the SourceCodester Simple Customer Relationship Management System v1.0. Public records describe an SQL injection vulnerability in get-quote.php (via the name parameter) that can allow arbitrary SQL execution, and related discussions extend the issue to login.php, suggestin...

CVSS: 5.4 | AI score: 8.5 | EPSS: 0.00639

CVE | added 2024/05/14 4:18 p.m. | 73 views

CVE-2023-24203

CVE-2023-24203 (XSS) affects SourceCodester Simple Customer Relationship Management System v1.0, specifically the get-quote.php handling of company and query parameters. The root cause is inadequate sanitization/encoding of user input, allowing stored XSS that can execute arbitrary JavaScript in ...

CVSS: 5.4 | AI score: 6.8 | EPSS: 0.00611

CVE | added 2023/02/27 12:00 a.m. | 71 views

CVE-2023-24364

CVE-2023-24364 affects Simple Customer Relationship Management System v1.0. The vulnerability is a SQL injection via the username parameter in the Admin Panel. The CVE is rated high (CVSS v3.1 base score 8.8; AV: Network; AC: Low; PR: Low; UI: None; C/I/A: High). The connected sources consistent...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.01048

CVE | added 2023/02/27 12:00 a.m. | 61 views

CVE-2023-24656

CVE-2023-24656 affects Simple Customer Relationship Management System v1.0. The vulnerability is a SQL injection via the subject parameter in the Create Ticket function, caused by unsanitized input. CVSS v3.1 base score 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, LOW privileges,...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.01048

CVE | added 2023/03/15 12:00 a.m. | 59 views

CVE-2023-24730

CVE-2023-24730 affects Simple Customer Relationship Management System v1.0. The issue is a SQL injection in the user profile update function via the company parameter, enabling potentially full data compromise (CVSS v3.1 base score 8.8: Confidentiality, Integrity, Availability all High). Connecte...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.01049

CVE | added 2023/03/15 12:00 a.m. | 59 views

CVE-2023-24732

The CVE-2023-24732 entry concerns Simple Customer Relationship Management System v1.0. The vulnerability is a SQL injection in the gender parameter used by the user profile update function, exposed in multiple connected sources. According to the NVD entry, the issue can impact confidentiality, in...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.01006

CVE | added 2023/03/15 12:00 a.m. | 56 views

CVE-2023-24729

CVE-2023-24729 affects Simple Customer Relationship Management System v1.0. The SQL injection vulnerability occurs in the address parameter of the user profile update function. The issue is confirmed across multiple sources; CVSS v3.1 base score 8.8 (HIGH) with network attack vector, low attack c...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.01049

CVE | added 2023/02/27 12:00 a.m. | 55 views

CVE-2023-24654

Affected product: Simple Customer Relationship Management System v1.0. Vulnerability: SQL injection in the name parameter of the Request a Quote function. Root cause: improper handling of user input enabling SQL injection (no further technical specifics provided). Impact: CVSS v3.1 base score 8.8...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.01048

CVE | added 2023/02/27 12:00 a.m. | 52 views

CVE-2023-24652

CVE-2023-24652 affects Simple Customer Relationship Management System v1.0. The issue is a SQL injection vulnerability in the Description parameter of the Create ticket function, potentially allowing unauthorized data access/modification. According to the cited metrics, impact is High (C, I, A = ...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.01048

CVE | added 2023/02/27 12:00 a.m. | 51 views

CVE-2023-24651

CVE-2023-24651 affects Simple Customer Relationship Management System v1.0. The registration page exposes a SQL injection in the name parameter, arising from improper handling of user input. Documented impact per CVSSv3.1 shows Network access with Low Confidentiality/Integrity impact and no Avail...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00561

CVE | added 2023/02/27 12:00 a.m. | 50 views

CVE-2023-24653

Affected product: Simple Customer Relationship Management System v1.0. Vulnerability: SQL injection in the Change Password function via the oldpass parameter. Root cause / vector: Vulnerability described as a SQL injection vulnerability stemming from handling of the oldpass input. Impact: CVSS v3...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.01048

CVE | added 2023/02/19 8:12 a.m. | 49 views

CVE-2023-0917

The CVE-2023-0917 entry concerns SourceCodester Simple Customer Relationship Management System 1.0. The vulnerability affects the login.php component, where manipulation of the Password parameter enables SQL injection. It is exploitable remotely, and multiple sources note the exploit has been dis...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.00929
Web

CVE | added 2023/03/15 12:00 a.m. | 49 views

CVE-2023-24731

CVE-2023-24731 applies to Simple Customer Relationship Management System v1.0. The vulnerability is a SQL injection via a query parameter in the user profile update function. Documented CVSS v3.1 base score is 8.8 (High) with high impact to confidentiality, integrity, and availability. No patch/v...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.01006

CVE | added 2023/03/23 12:00 a.m. | 47 views

CVE-2023-24655

CVE-2023-24655 affects Simple Customer Relationship Management System v1.0. A SQL injection flaw exists in the Profile Update function via the name parameter, enabling potentially arbitrary SQL execution. The CVSS 3.1 vector indicates a network attack with no user interaction and requires no priv...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.01023

CVE | added 2023/03/15 12:00 a.m. | 47 views

CVE-2023-24728

CVE-2023-24728 affects Simple Customer Relationship Management System v1.0. The vulnerability is a SQL injection in the user profile update function exposed via the contact parameter. Root cause is improper handling of input in the update path, enabling arbitrary SQL execution with high impact (c...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.01006