RSS   Podatności dla 'Stock management system'   RSS

2022-01-31
 
CVE-2021-44114

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function.

 
2020-09-09
 
CVE-2020-24198

CWE-79
 

 
A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.'

 
 
CVE-2020-24197

CWE-89
 

 
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter.

 
2020-09-02
 
CVE-2020-23830

CWE-352
 

 
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site.

 
2020-09-01
 
CVE-2020-23831

CWE-79
 

 
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials.

 


Copyright 2024, cxsecurity.com

 

Back to Top