cvebase

Stock Management System Project Stock Management System vulnerabilities

7 known vulnerabilities affecting stock_management_system_project/stock_management_system.

Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2023-51951 | P3 | CRITICAL | CVSS 9.8 | PoC | v1.0 | 2024-02-05
CWE-89: SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file.
nvd
CVE-2020-24197 | P3 | CRITICAL | CVSS 9.8 | v1.0 | 2020-09-09
CWE-89: A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter.
nvd
CVE-2024-36779 | P3 | CRITICAL | CVSS 9.8 | v1.0 | 2024-06-06
CWE-89: Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php.
nvd
CVE-2020-23831 | P4 | MEDIUM | CVSS 6.1 | v1.0 | 2020-09-01
CWE-79: A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials.
nvd
CVE-2020-23830 | P4 | HIGH | CVSS 7.1 | v1.0 | 2020-09-02
CWE-352: A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site.
nvd
CVE-2020-24198 | P4 | MEDIUM | CVSS 6.1 | v1.0 | 2020-09-09
CWE-79: A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.'
nvd
CVE-2021-44114 | P4 | MEDIUM | CVSS 4.8 | v1.0 | 2022-01-31
CWE-79: Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function.
nvd