Vulnerabilities for Simple water refilling station management system ( management system project...) - CXSECURITY.COM

Vulnerabilities for
'Simple water refilling station management system'

2021-09-07

CVE-2021-38840

CWE-89

SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter.

CVE-2021-38841

CWE-434

Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action.

Copyright 2024, cxsecurity.com