Sourcecodester Gadget Works Online Ordering System vulnerabilities

4 known vulnerabilities affecting sourcecodester/gadget_works_online_ordering_system.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2023-1795 | MEDIUM | CVSS 6.1 | v1.0 | 2023-04-02
CVE-2023-1795 [LOW] CWE-79: A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/products/index.php of the component GET Parameter Handler. The manipulation of the argument view with the input alert(666) leads to cross-site scripting. The attack may be init
Sources: cvelistv5, nvd
CVE-2023-1433 | HIGH | CVSS 7.2 | v1.0 | 2023-03-16
CVE-2023-1433 [MEDIUM] CWE-434: A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/products/controller.php?action=add of the component Products Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack re
Sources: cvelistv5, nvd
CVE-2023-1358 | CRITICAL | CVSS 9.8 | v1.0 | 2023-03-12
CVE-2023-1358 [MEDIUM] CWE-89: A vulnerability, which was classified as critical, was found in SourceCodester Gadget Works Online Ordering System 1.0. This affects an unknown part of the file /philosophy/admin/login.php of the component POST Parameter Handler. The manipulation of the argument user_email leads to SQL injection. It is possible to initiate the attack remotely. The expl
Sources: cvelistv5, nvd
CVE-2023-1359 | MEDIUM | CVSS 4.8 | v1.0 | 2023-03-12
CVE-2023-1359 [LOW] CWE-79: A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument U_NAME leads to cross-site scripting. The attack can be initiated remote
Sources: cvelistv5, nvd