RSS   Podatności dla
'Sales & company management system'
   RSS

2018-12-06
 
CVE-2018-19925

CWE-89
 

 
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter.

 
 
CVE-2018-19924

CWE-79
 

 
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address.

 
 
CVE-2018-19923

CWE-352
 

 
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF.

 


Copyright 2024, cxsecurity.com

 

Back to Top