7 matches found
CVE-2020-23835
The CVE-2020-23835 issue affects SourceCodester Tailor Management System v1.0, specifically the index.php login-portal page. A Reflected Cross-Site Scripting (XSS) vulnerability in this page allows remote attackers to trigger the vulnerability when a victim clicks a malicious URL and starts typin...
CVE-2020-36077
CVE-2020-36077 describes an SQL injection in Tailor Mangement System v1, exploitable via the customer parameter of orderadd.php, potentially leading to arbitrary code execution. Public details consistently identify the vulnerable component as the Tailor Mangement System and the trigger is a query...
CVE-2020-36072
CVE-2020-36072 is a SQL injection vulnerability in Tailor Management System v1 . The issue allows a remote attacker to execute arbitrary code through the id parameter. The entry is scored with CVSS v3.1 (8.8 HIGH) , with attack vector network , complexity low , privileges low , user interaction n...
CVE-2020-36071
Tailor Management System v1 contains an SQL injection in the email.php page, exploited via the customer parameter. Root cause: unsanitized input enabling code execution. Impact: remote authenticated attacker could execute arbitrary code with high confidentiality, integrity, and availability impac...
CVE-2020-36073
Tailor Management System v1 is affected by a SQL injection in the detail parameter of the document.php page. The vulnerability may allow a remote attacker to execute arbitrary code via SQL injection. Root cause: unsafely constructed input into the detail parameter leading to code execution. No fi...
CVE-2021-40260
CVE-2021-40260 concerns multiple XSS vulnerabilities in SourceCodester Tailor Management 1.0. The affected components are the web pages and parameters: (1) eid in partedit.php and customeredit.php, (2) id in editmeasurement.php and addpayment.php, and (3) error in index.php. The sources indicate ...
CVE-2020-36074
CVE-2020-36074 is a SQL injection vulnerability in Tailor Mangement System v.1, where a remote attacker can cause arbitrary code execution through the title parameter. The issue stems from improper input handling in a query path involving the title field. Multiple connected sources corroborate th...