Inventory Management System Project Inventory Management System vulnerabilities

16 known vulnerabilities affecting inventory_management_system_project/inventory_management_system.

Total CVEs: 16
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 1, MEDIUM 7

Vulnerabilities

CVE-2023-36337 | MEDIUM | CVSS 6.1 | v1.0 | 2025-12-15
CVE-2023-36337 [MEDIUM] CWE-79: A reflected cross-site scripting (XSS) vulnerability in the component /index.php/cuzh4 of PHP Inventory Management System 1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
nvd
CVE-2023-36338 | MEDIUM | CVSS 5.3 | v1.0 | 2025-12-15
CVE-2023-36338 [MEDIUM] CWE-89: Inventory Management System 1 was discovered to contain a SQL injection vulnerability.
nvd
CVE-2023-4558 | CRITICAL | CVSS 9.8 | v1.0 | 2023-08-27
CVE-2023-4558 [MEDIUM] CWE-89: A vulnerability classified as critical was found in SourceCodester Inventory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file staff_data.php. The manipulation of the argument columns[0][data] leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be u
nvd
CVE-2023-4557 | CRITICAL | CVSS 9.8 | v1.0 | 2023-08-27
CVE-2023-4557 [MEDIUM] CWE-89: A vulnerability classified as critical has been found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_purchase_paymen_report.php. The manipulation of the argument customer leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m
nvd
CVE-2023-4555 | MEDIUM | CVSS 6.1 | v1.0 | 2023-08-27
CVE-2023-4555 [LOW] CWE-79: A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file suppliar_data.php. The manipulation of the argument name/company leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the pub
nvd
CVE-2023-4449 | HIGH | CVSS 8.8 | v1.0 | 2023-08-21
CVE-2023-4449 [MEDIUM] CWE-89: A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php?page=member. The manipulation of the argument columns[0][data] leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed t
nvd
CVE-2023-4437 | CRITICAL | CVSS 9.8 | v1.0 | 2023-08-20
CVE-2023-4437 [MEDIUM] CWE-89: A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_sell_paymen_report.php. The manipulation of the argument customer leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public an
nvd
CVE-2023-4436 | CRITICAL | CVSS 9.8 | v1.0 | 2023-08-20
CVE-2023-4436 [MEDIUM] CWE-89: A vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/edit_update.php. The manipulation of the argument user_id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma
nvd
CVE-2023-4438 | CRITICAL | CVSS 9.8 | v1.0 | 2023-08-20
CVE-2023-4438 [MEDIUM] CWE-89: A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/ajax/search_sales_report.php. The manipulation of the argument customer leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the
nvd
CVE-2023-4182 | CRITICAL | CVSS 9.8 | v1.0 | 2023-08-06
CVE-2023-4182 [HIGH] CWE-89: A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to SQL injection. It is possible to initiate the attack remotely. The identifier VDB-236217 was assigned to this vulnerability.
nvd
CVE-2023-4184 | CRITICAL | CVSS 9.8 | v1.0 | 2023-08-06
CVE-2023-4184 [HIGH] CWE-89: A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sell_return.php. The manipulation of the argument pid leads to SQL injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-236219.
nvd
CVE-2023-4183 | CRITICAL | CVSS 9.8 | v1.0 | 2023-08-06
CVE-2023-4183 [MEDIUM] CWE-284: A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identi
nvd
CVE-2023-24232 | MEDIUM | CVSS 4.8 | v1.0 | 2023-02-10
CVE-2023-24232 [MEDIUM] CWE-79: A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.
nvd
CVE-2023-24231 | MEDIUM | CVSS 4.8 | v1.0 | 2023-02-10
CVE-2023-24231 [MEDIUM] CWE-79: A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter.
nvd
CVE-2023-24234 | MEDIUM | CVSS 4.8 | v1.0 | 2023-02-10
CVE-2023-24234 [MEDIUM] CWE-79: A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter.
nvd
CVE-2023-24233 | MEDIUM | CVSS 4.8 | v1.0 | 2023-02-10
CVE-2023-24233 [MEDIUM] CWE-79: A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter.
nvd