3 matches found
CVE-2009-4595
Summary of CVE-2009-4595: PHP Inventory is vulnerable to SQL injection via index.php in version 1.2 (also affects related tracked versions). The issue stems from unsanitized input in the sup_id parameter used in the suppliers details action, allowing (authenticated) users to craft arbitrary SQL. Mu...
CVE-2009-4596
CVE-2009-4596 is a documented cross-site scripting vulnerability in PHP Inventory, specifically in index.php for version 1.2, exploitable via the sup_id parameter in the suppliers details action. The connected sources corroborate a web-facing XSS flaw that allows remote attackers to inject arbitr...
CVE-2009-4597
The CVE-2009-4597 entry covers SQL injection flaws in PHP Inventory (notably versions around 1.2/1.3.x) in index.php. The vulnerabilities allow SQL commands to be injected through user_id in a user details action, and through user/password fields, enabling unauthorized data access via poorly sani...