7 matches found
CVE-2023-44075
CVE-2023-44075 is a reported Cross Site Scripting vulnerability in Small CRM for PHP v3.0. The issue arises in the Address parameter and can let a remote attacker execute arbitrary code when exploiting the vulnerability. Documented impact ranges from constructive code execution to potential confi...
CVE-2023-45394
The CVE-2023-45394 issue affects Small CRM v3.0, described as a Stored Cross-Site Scripting (XSS) vulnerability in the Company field of the "Request a Quote" section. The root cause is unsafely handling input in that field, enabling an attacker to store and execute malicious JavaScript in the Adm...
CVE-2023-50035
CVE-2023-50035 affects PHPGurukul Small CRM 3.0. The issue is a SQL Injection in the Users login panel caused by directly using the password parameter in SQL queries without sanitization, enabling payload execution. The CVSSv3.1 base score is 9.8 (CRITICAL). Some connected sources (PT Security) d...
CVE-2022-47073
CVE-2022-47073 describes a cross-site scripting (XSS) vulnerability in Small CRM v3.0, specifically on the Create Ticket page where a crafted payload injected into the Subject parameter can execute arbitrary web scripts/HTML. The issue arises from improper handling of the Subject input, enabling ...
CVE-2020-5511
PHPGurukul Small CRM v2.0 is vulnerable to an authentication bypass via SQL injection on the administrator login page. The root cause is lack of validation of externally entered SQL statements in the /in***.php file (v2.0). This can permit unauthorized access to the admin area, with potential fur...
CVE-2023-43331
CVE-2023-43331 is an XSS in the Add User function of Small CRM v3.0, exploited by injecting crafted payloads into the Name field. Affected: Small CRM v3.0 (Add User/Name field). Root cause: inadequate input sanitization leading to script/HTML execution. Public metrics indicate CVSS v3.1 base scor...
CVE-2023-34650
CVE-2023-34650 affects PHPgurukl Small CRM v1.0. Multiple connected sources indicate a Cross-Site Scripting (XSS) vulnerability, with CNNVD describing it as a stored XSS issue. NVD lists a CVSS v3.1 base score of 6.1 (Medium) and notes the attack vector is network with user interaction required. ...