CVE-2022-26284

Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.

CVE-2022-29748

Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=.

CVE-2022-26285

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.

CVE-2021-43484

A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.

CVE-2022-29750

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service.

CVE-2022-29747

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id.

CVE-2022-29980

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=.

CVE-2022-29751

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client.

CVE-2022-29983

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=.

CVE-2022-29749

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice.

CVE-2021-43505

Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice.

CVE-2022-29979

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation.

CVE-2021-43506

An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php.

CVE-2021-43657

A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields.

CVE-2022-29981

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete.

CVE-2022-29984

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=.

CVE-2022-29982

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=.

CVE-2021-43509

SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php.

CVE-2021-43510

SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.

CVE-2024-48570

Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php.