30 matches found
CVE-2022-3942
CVE-2022-3942 affects the SourceCodester Sanitization Management System, specifically the php-sms/?p=request_quote endpoint, where user input appears to be mishandled, enabling a cross-site scripting (XSS) condition. The vulnerability is described as exploitable remotely, with VDB-213449 cited. C...
CVE-2022-43350
CVE-2022-43350 affects Sanitization Management System v1.0. A SQL injection flaw exists via the id parameter in /php-sms/classes/Master.php?f=delete_inquiry. CVSSv3.1: 7.2 (HIGH) with Network attack, Low complexity, No user interaction. Impact: Confidentiality, Integrity, Availability are High. N...
CVE-2022-3518
CVE-2022-3518 affects SourceCodester Sanitization Management System 1.0, specifically the User Creation Handler. The vulnerability arises from manipulation of the arguments for the name fields (First Name, Middle Name, Last Name), leading to cross-site scripting (XSS). It is described as exploi...
CVE-2022-44295
CVE-2022-44295 affects Sanitization Management System v1.0. The connected documents and the initial description consistently state a SQL Injection vulnerability exploitable via the endpoint /php-sms/admin/orders/assign_team.php?id=. They do not provide explicit root-cause details beyond the SQL i...
CVE-2022-3673
CVE-2022-3673 affects SourceCodester Sanitization Management System 1.0. The vulnerability is in an unknown function within /php-sms/classes/Master.php, where manipulation of the message argument leads to cross-site scripting. It is described as exploitable remotely. Multiple connected records co...
CVE-2022-44137
SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection (CVE-2022-44137). Affected product: SourceCodester Sanitization Management System 1.0. Root cause: SQL Injection as stated in CVE. Impact per CVSSv3.1: High (7.2) with Confidentiality, Integrity, and Availability imp...
CVE-2022-44278
CVE-2022-44278 affects Sanitization Management System v1.0. The vulnerability is a SQL Injection in the admin endpoint /php-sms/admin/?page=user/manage_user&id= (network attack surface; no user interaction required). Documented impact is high on confidentiality, integrity, and availability (CVE C...
CVE-2022-44296
Product: Sanitization Management System v1.0. Vulnerability: SQL Injection via /php-sms/admin/quotes/manage_remark.php?id= in the Quotes management remark endpoint. Root cause/vector: unsanitized input in the id parameter (SQLi). Impact (per CVSS): Confidentiality, Integrity, Availability each Hi...
CVE-2022-3868
CVE-2022-3868 affects the SourceCodester Sanitization Management System. A vulnerability in an unknown function of the file /php-sms/classes/Master.php?f=save_quote allows manipulation of the argument id, resulting in an SQL injection. This can be triggered remotely and the exploit has been publi...
CVE-2022-43351
CVE-2022-43351 affects the Sanitization Management System v1.0, with a vulnerability in the /classes/Master.php?f=delete_img path that allows arbitrary file deletion. The issue is described as an arbitrary file deletion vulnerability impacting integrity and availability. Connected sources provide...
CVE-2022-3519
SourceCodester Sanitization Management System 1.0 contains a cross-site scripting vulnerability in the Quote Requests Tab triggered by manipulating the Manage Remarks parameter. The issue can be exploited remotely; versions and specific affected files are not explicitly enumerated beyond the 1.0 ...
CVE-2022-43352
CVE-2022-43352 concerns Sanitization Management System v1.0, with a reported SQL injection in the id parameter of the endpoint /php-sms/classes/Master.php?f=delete_quote. Affected component is the application’s quotes deletion path; root cause is unsafely constructed SQL that allows attacker-cont...
CVE-2022-44393
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=. Root cause is unsafely handled id parameter in that endpoint. Impact per CVSS: high confidentiality, integrity, and availability, with network attack vector and no user interacti...
CVE-2022-3672
CVE-2022-3672 affects SourceCodester Sanitization Management System 1.0. The vulnerability is a cross-site scripting flaw in the handling of the name/shortname arguments within the file /php-sms/classes/SystemSettings.php, which can be triggered remotely. The accompanying documents consistently ...
CVE-2022-4726
CVE-2022-4726 affects SourceCodester Sanitization Management System 1.0. The vulnerability lies in the Admin Login functionality, where manipulation of the username/password parameters leads to SQL injection. The attack can be launched remotely. The available connected documents consistently desc...
CVE-2022-3674
CVE-2022-3674 affects SourceCodester Sanitization Management System 1.0. Descriptions consistently cite a critical issue where manipulation leads to missing authentication, enabling remote attacks. Public technical details are not provided across connected documents; some sources indicate no avai...
CVE-2022-43354
CVE-2022-43354 affects Sanitization Management System v1.0. The vulnerability is a SQL injection in the id parameter of the endpoint /admin/?page=orders/manage_request, as described in multiple sources. The CVE has a CVSS v3.1 base score of 7.2 (HIGH) with network attack vector, low attack comple...
CVE-2022-44294
CVE-2022-44294 affects Sanitization Management System v1.0. The provided documents describe a SQL Injection vulnerability exploitable via the endpoint /php-sms/admin/?page=services/manage_service&id=, stemming from unsanitized input in the id parameter. The CVSS metrics indicate a HIGH severity (...
CVE-2022-43353
CVE-2022-43353 concerns Sanitization Management System v1.0, which is vulnerable to a SQL injection via the id parameter in the endpoint /admin/?page=orders/view_order. The root cause is improper handling of the id input, enabling an attacker to craft queries that could affect confidentiality, in...
CVE-2022-43355
CVE-2022-43355 affects Sanitization Management System v1.0, where a SQL injection is reachable via the id parameter at /php-sms/classes/Master.php?f=delete_service. The primary document states a SQL injection vulnerability, with CVSS‑3.1 metrics: AV:N, AC:L, PR:H, UI:N, S:U, C:H, I:H, A:H, base s...
CVE-2022-44277
CVE-2022-44277 affects Sanitization Management System v1.0. The vulnerability is a SQL Injection in the endpoint /php-sms/classes/Master.php?f=delete_product, arising from improper sanitization in the application’s database queries. According to the incident data, the CVSSv3.1 base score is 7.2 (...
CVE-2022-44347
CVE-2022-44347 affects Sanitization Management System v1.0. The vulnerability is an SQL Injection in the web endpoint /php-sms/admin/?page=inquiries/view_inquiry&id= (parameter id). Multiple sources confirm the impact is high (CVSS 3.1: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) with potential data dis...
CVE-2022-3992
CVE-2022-3992 affects SourceCodester Sanitization Management System. The vulnerability is in an unknown functionality of the file admin/?page=system_info within the Banner Image Handler, enabling cross-site scripting. Attacks can be launched remotely; CVSS scores in the sources range from 6.1 (NV...
CVE-2022-45214
CVE-2022-45214: A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attacker-controlled scripts via a crafted payload injected into the username parameter at /php-sms/classes/Login.php. Affected component is the login API of Sanitization Management System 1...
CVE-2022-3504
The CVE-2022-3504 entry describes a SQL injection vulnerability in SourceCodester Sanitization Management System, triggered by manipulating the id parameter in the URL path /php-sms/?p=services/view_service. The issue is framed as critical with remote attack potential and the vulnerability affect...
CVE-2022-3505
CVE-2022-3505 affects SourceCodester Sanitization Management System. The vulnerability is a cross-site scripting flaw in an unknown function under /php-sms/admin/, caused by manipulation of the page parameter. It can be exploited remotely and the exploit has been disclosed publicly (per multiple ...
CVE-2022-44348
Sanitization Management System v1.0 is affected by a SQL injection vulnerability in the /php-sms/admin/orders/update_status.php?id= endpoint. The issue arises from unsafely handling the id parameter, enabling attacker-controlled SQL queries. Reported CVSS v3.1 base score 7.2 (HIGH) with network a...
CVE-2022-44151
CVE-2022-44151 affects Simple Inventory Management System v1.0. The vulnerability is a SQL Injection in the login endpoint (/ims/login.php), caused by improper handling of user input. This can lead to unauthorized access to data and potential total compromise, with the CVSS v3.1 base score of 9.8...
CVE-2022-44096
CVE-2022-44096 affects Sanitization Management System v1.0. The issue is due to hardcoded credentials in the system, enabling privilege escalation and admin-panel access. Multiple connected sources corroborate the vulnerability, including Red Hat and PT Security, which note credential leakage as ...
CVE-2022-44345
CVE-2022-44345 affects the web application product Sanitization Management System v1.0. The vulnerability is a SQL Injection triggered through the endpoint /php-sms/admin/?page=quotes/view_quote&id=, where the unvalidated/unsafely processed id parameter enables injection. The CVSS 3.1 data in t...