Sourcecodester Alphaware Simple E-Commerce System vulnerabilities

CVE-2023-1504 [MEDIUM] CWE-89 CVE-2023-1504: A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce Syste A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce System 1.0. This vulnerability affects unknown code. The manipulation of the argument email/password with the input test1%40test.com ' AND (SELECT 6077 FROM (SELECT(SLEEP(5)))dltn) AND 'PhRa'='PhRa leads to sql injection. The attack can be initiated remotely.

CVE-2023-1503 [MEDIUM] CWE-89 CVE-2023-1503: A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file admin/admin_index.php. The manipulation of the argument username/password with the input admin' AND (SELECT 8062 FROM (SELECT(SLEEP(5)))meUD)-- hLiX leads to sql injection. It is possible to initiate th

CVE-2023-1502 [MEDIUM] CWE-89 CVE-2023-1502: A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rate A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file function/edit_customer.php. The manipulation of the argument firstname/mi/lastname with the input a' RLIKE SLEEP(5) AND 'dAbu'='dAbu leads to sql injection. The attack may be

CVE-2023-0998 [MEDIUM] CWE-284 CVE-2023-0998: A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been

CVE-2022-2678 [MEDIUM] CWE-434 CVE-2022-2678: A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the p

CVE-2022-2682 [LOW] CWE-79 CVE-2022-2682: A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Sim A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input '">alert(/xss/) leads to cross site scripting. The attack may be launched remotely. The exploit has been