Simple Client Management System Project Simple Client Management System vulnerabilities
19 known vulnerabilities affecting simple_client_management_system_project/simple_client_management_system.
Total CVEs: 19
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 17, MEDIUM 2
Vulnerabilities
CVE-2021-43510 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | PoC | v1.0 | 2022-02-01
SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.
nvd
CVE-2021-43484 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-03-31
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.
nvd
CVE-2021-43509 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-02-01
SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php.
nvd
CVE-2021-43506 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-03-31
An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php.
nvd
CVE-2022-26285 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-03-21
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
nvd
CVE-2022-26284 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-03-21
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
nvd
CVE-2022-29984 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-05-12
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=.
nvd
CVE-2022-29981 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-05-12
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete.
nvd
CVE-2022-29748 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-05-12
Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=.
nvd
CVE-2022-29983 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-05-12
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=.
nvd
CVE-2022-29749 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-05-12
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice.
nvd
CVE-2022-29979 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-05-12
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation.
nvd
CVE-2022-29751 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-05-12
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client.
nvd
CVE-2022-29750 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-05-12
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service.
nvd
CVE-2022-29980 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-05-12
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=.
nvd
CVE-2022-29982 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-05-12
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=.
nvd
CVE-2022-29747 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-05-12
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id.
nvd
CVE-2021-43657 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v1.0 | 2022-12-22
A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields.
nvd
CVE-2021-43505 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v1.0 | 2022-03-31
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice.
nvd