cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-2418,https://securityvulnerability.io/vulnerability/CVE-2024-2418,SQL Injection Vulnerability in SourceCodester Best POS Management System,"A severe vulnerability exists in the Best POS Management System version 1.0, specifically within the /view_order.php file. This vulnerability arises from improper handling of the 'id' parameter, which allows an attacker to execute SQL injection attacks. Such exploits can be performed remotely, providing malicious actors with unauthorized access to the database and potentially sensitive information. The vulnerability has been publicly disclosed, increasing the risk that it may be exploited by attackers. It is imperative for users of the affected product to implement security measures and stay informed about patches or updates that may mitigate this risk.",Sourcecodester,Best Pos Management System,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-03-13T18:00:07.000Z,true,false,false,,2024-03-13T18:00:07.179Z,0
CVE-2024-2156,https://securityvulnerability.io/vulnerability/CVE-2024-2156,SQL Injection Vulnerability in SourceCodester Best POS Management System,"A security risk has been identified in the SourceCodester Best POS Management System 1.0, where an SQL injection vulnerability exists due to improper validation of user input in the admin_class.php file. This vulnerability could allow attackers to manipulate the 'img' argument, potentially leading to unauthorized access to the database and manipulation of sensitive data. The exploit is accessible remotely, meaning that the attacker does not need physical access to the system to execute the attack. Given the public disclosure of this vulnerability, it is critical for affected users to implement security measures to mitigate potential exploitations.",Sourcecodester,Best Pos Management System,9.8,CRITICAL,0.0007300000288523734,false,,false,false,true,2024-03-04T01:00:08.000Z,true,false,false,,2024-03-04T01:00:08.665Z,0
CVE-2024-2155,https://securityvulnerability.io/vulnerability/CVE-2024-2155,Vulnerability in SourceCodester Best POS Management System 1.0 Allows Remote File Inclusion,A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255587.,Sourcecodester,Best Pos Management System,4.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-03-04T01:00:06.000Z,true,false,false,,2024-03-04T01:00:06.987Z,0
CVE-2023-3617,https://securityvulnerability.io/vulnerability/CVE-2023-3617,SourceCodester Best POS Management System Login Page admin_class.php sql injection,"A SQL injection vulnerability has been identified in the SourceCodester Best POS Management System 1.0, specifically within the login page functionality in the admin_class.php file. An attacker can manipulate the 'username' parameter, potentially leading to unauthorized access and other malicious consequences. This vulnerability can be exploited remotely, posing a significant risk to the system's integrity and security. Public knowledge of this exploit heightens the urgency for users to secure their installations.",SourceCodester,Best POS Management System,9.8,CRITICAL,0.0028299998957663774,false,,false,false,false,,,false,false,,2023-07-11T15:15:00.000Z,0
CVE-2023-0946,https://securityvulnerability.io/vulnerability/CVE-2023-0946,SourceCodester Best POS Management System sql injection,"A SQL injection vulnerability exists in the SourceCodester Best POS Management System 1.0, specifically within the billing/index.php file when manipulating the 'id' parameter. This flaw allows attackers to execute arbitrary SQL queries, potentially compromising the database's integrity. The attack can be executed remotely, making it essential for users and administrators to apply security patches and implement proper input validation to mitigate the risk.",SourceCodester,Best POS Management System,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-02-21T21:15:00.000Z,0
CVE-2023-0945,https://securityvulnerability.io/vulnerability/CVE-2023-0945,SourceCodester Best POS Management System cross site scripting,"A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input ""> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221592.",SourceCodester,Best POS Management System,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-02-21T21:15:00.000Z,0
CVE-2023-0943,https://securityvulnerability.io/vulnerability/CVE-2023-0943,SourceCodester Best POS Management System Image save_settings unrestricted upload,"An unrestricted upload vulnerability exists in the SourceCodester Best POS Management System 1.0, specifically impacting the save_settings function within the Image Handler component. This vulnerability allows an attacker to manipulate the img argument via the index.php?page=site_settings file to upload arbitrary files, such as shell scripts. The potential for remote exploitation poses significant risks, making it crucial for users to apply the necessary security measures and updates.",Sourcecodester,Best Pos Management System,8.8,HIGH,0.0031300000846385956,false,,false,false,false,,,false,false,,2023-02-21T20:15:00.000Z,0