8 matches found
CVE-2025-4283
SourceCodester/oretnom23 Stock Management System 1.0 contains a SQL injection flaw in the login flow. The vulnerability specifically arises from manipulation of the Username parameter in /classes/Login.php?f=login, enabling remote exploitation. Public disclosures exist; CVSS metrics indicate high...
CVE-2025-4267
The CVE-2025-4267 entry affects SourceCodester/oretnom23 Stock Management System 1.0. The vulnerability resides in the Purchase Order Details Page, specifically /admin/?page=purchase_order/view_po, where manipulating the ID parameter enables SQL injection. It is exploitable remotely and has repor...
CVE-2025-4282
The CVE-2025-4282 entry affects SourceCodester/oretnom23 Stock Management System 1.0, specifically the /classes/Users.php?f=save handler. Multiple connected sources confirm a cross-site request forgery vulnerability that can be triggered remotely; exploitation is publicly disclosed. The vulnerabi...
CVE-2025-4786
CVE-2025-4786 affects SourceCodester/oretnom23 Stock Management System 1.0. The issue is an SQL injection in the endpoint /admin/?page=return/view_return triggered by manipulating the ID parameter, with remote exploitation possible. Public disclosure exists and the vulnerability is classified as ...
CVE-2025-4787
CVE-2025-4787 affects SourceCodester/oretnom23 Stock Management System 1.0. The vulnerability is a SQL injection in the file /admin/?page=sales/view_sale caused by manipulating the ID parameter. It is exploitable remotely and several sources note that the exploit has been disclosed publicly. Evid...
CVE-2025-4806
CVE-2025-4806 affects SourceCodester/oretnom23 Stock Management System 1.0. The vulnerability is an SQL injection in the file path /admin/?page=back_order/view_bo caused by manipulation of the ID argument. It is exploitable remotely and publicly disclosed. Multiple connected sources confirm the i...
CVE-2025-4935
CVE-2025-4935 affects SourceCodester Stock Management System 1.0. The vulnerability is a SQL injection in the file /php_action/changePassword.php triggered by manipulating the user_id parameter. The issue is exploitable remotely and has public exploit references in multiple sources. Several conne...
CVE-2025-4782
CVE-2025-4782 affects SourceCodester/oretnom23 Stock Management System 1.0. The vulnerability is an SQL injection in the endpoint /sms/admin/?page=receiving/view_receiving&id=1 where manipulating the id parameter can lead to remote exploitation. Multiple sources note that the exploit has been dis...