RSS   Vulnerabilities for 'E-negosyo system'   RSS

2021-10-29
 
CVE-2021-41674

CWE-89
 
 
An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php.

 
 
CVE-2021-41675

CWE-434
 
 
A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. .

 

Copyright 2024, cxsecurity.com

 

Back to Top