19 matches found
CVE-2022-26284
CVE-2022-26284 affects Simple Client Management System v1.0. The vulnerability is a SQL injection in the manage_client endpoint, exploitable via the id parameter, which can allow an attacker to dump the application’s database through crafted HTTP requests. Public references describe the issue and...
CVE-2022-29748
Affected software: Simple Client Management System 1.0. The vulnerability is a SQL injection in the CMS path cms/admin?page=client/manage_client&id= (also described as manage_client&id=). Root cause: lack of input validation/external input handling in the affected parameter, enabling arbitrary SQ...
CVE-2021-43484
CVE-2021-43484 affects Simple Client Management System 1.0, specifically the create.php file, where remote code execution arises from failure to validate the extension of a file in a request. The vulnerability is documented with a high/severe impact (CVSS v3.1: 9.8, CRITICAL, network access, no u...
CVE-2022-26285
CVE-2022-26285 affects Simple Subscription Website v1.0. A SQL injection flaw exists in the apply endpoint’s id parameter, allowing an attacker to dump the database via crafted HTTP requests. Connected sources (NVD/Red Hat/CNVD/CVE records) confirm the vulnerable endpoint and impact. The document...
CVE-2022-29750
The vulnerability CVE-2022-29750 affects Simple Client Management System 1.0. It enables SQL Injection through /cms/classes/Master.php?f=delete_service due to insufficient validation of the id parameter, allowing potentially unauthorized access to database data. The entry indicates high-severity ...
CVE-2022-29980
The vulnerability CVE-2022-29980 affects Simple Client Management System 1.0. The issue is a SQL injection in the admin user management page, specifically via /cms/admin/?page=user/manage_user&id=, caused by unvalidated external input. This leads to potential exposure of sensitive database data a...
CVE-2022-29747
CVE-2022-29747 affects Simple Client Management System 1.0. The issue is a SQL Injection in the invoice management page parameter: /cms/admin/?page=invoice/manage_invoice&id=, caused by lack of validation of external SQL statements. Reported data indicates potential leakage of database data with ...
CVE-2022-29983
The CVE-2022-29983 entry concerns Simple Client Management System 1.0 and an SQL Injection vulnerability in the admin invoice view endpoint (/cms/admin/?page=invoice/view_invoice&id=). The connected documents confirm the issue arises from lack of input validation/parameter sanitization, enabling ...
CVE-2022-29751
CVE-2022-29751 affects Simple Client Management System 1.0. The vulnerability is an SQL injection in the delete_client path (/cms/classes/Master.php?f=delete_client) caused by lack of input validation, enabling arbitrary SQL execution and potential data disclosure/modification. Root cause stated...
CVE-2022-29749
CVE-2022-29749 affects Simple Client Management System 1.0. The vulnerability is an SQL injection in the delete_invoice path handled via /cms/classes/Master.php?f=delete_invoice, originating from lack of validation of input (id parameter). The issue is confirmed across multiple sources (NVD/CNVD/...
CVE-2021-43505
CVE-2021-43505 affects Sourcecodester Simple Client Management System v1. The vulnerability is described as multiple Cross-Site Scripting (XSS) issues exploitable via adding a new client or adding a new invoice. The connected documents confirm XSS in this product/version combination; no explicit...
CVE-2021-43506
The vulnerability CVE-2021-43506 affects Sourcecodester Simple Client Management System 1.0, where an SQL Injection can be triggered via the password parameter in Login.php. The root cause is improper input handling leading to unauthorized access or data exposure. Multiple sources (NVD and Red Ha...
CVE-2021-43657
CVE-2021-43657 is a stored XSS vulnerability in Sourcecodester Simple Client Management System (SCMS) v1.0, exploitable via MAster.php input fields. The issue allows an attacker to inject arbitrary script/HTML into victims’ browsers. Affected component: MAster.php in SCMS 1.0; root cause: stored ...
CVE-2022-29979
CVE-2022-29979 affects Simple Client Management System 1.0. The vulnerability is an SQL injection in /cms/classes/Master.php?f=delete_designation caused by unsanitized input in the id parameter, enabling arbitrary SQL execution. Documented impact indicates partial confidentiality, integrity, and ...
CVE-2022-29981
CVE-2022-29981 affects Simple Client Management System 1.0. The vulnerability is an SQL Injection via the endpoint /cms/classes/Users.php?f=delete, stemming from lack of input validation of the id parameter in the POST request. Public documents consistently describe this as a SQL injection affect...
CVE-2022-29982
CVE-2022-29982 affects the Simple Client Management System 1.0. The vulnerability is a SQL injection in the maintenance page handler: /cms/admin/maintenance/manage_service.php?id=, arising from SQL statements unsafely constructed from user-supplied input. The provided sources describe a risk of exp...
CVE-2022-29984
CVE-2022-29984 affects Simple Client Management System 1.0. The vulnerability is a SQL Injection via the parameter in /cms/admin/?page=client/view_client&id=, arising from lack of input validation. Impact per sources ranges from partial confidentiality/integrity/availability to high/critical depe...
CVE-2021-43510
CVE-2021-43510 affects Sourcecodester Simple Client Management System 1.0. Affected: login.php username field. Root cause: SQL injection due to lack of input validation, enabling attackers to execute arbitrary SQL queries. Potential impact per connected docs: unauthorized data access, data modifi...
CVE-2021-43509
CVE-2021-43509 affects Sourcecodester Simple Client Management System 1.0. The vulnerability is an SQL Injection in the view-service.php endpoint via the id parameter. Root cause is unsafely constructed SQL statements (lack of input validation), enabling an attacker to alter or retrieve database ...