3 matches found
CVE-2022-28063
CVE-2022-28063 affects Simple Bakery Shop Management System v1.0. The issue is a file disclosure via /bsms/?page=products caused by insufficient access restrictions/filters, enabling an attacker to view leaked files and compromising confidentiality (C: High, I: None, A: None per docs). No explici...
CVE-2022-32987
CVE-2022-32987 concerns multiple cross-site scripting (XSS) vulnerabilities in Simple Bakery Shop Management System v1.0, specifically in the /bsms/?page=manage_account page. The issue arises from crafted input in the Username or Full Name fields, enabling execution of arbitrary web scripts/HTML....
CVE-2023-1357
The CVE refers to a critical SQL injection in SourceCodester Simple Bakery Shop Management System 1.0, affecting the Admin Login functionality. The vulnerability arises from injecting into the username/password parameters using the payload admin' or 1=1 --, which can be exploited remotely. Multip...