cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-1926,https://securityvulnerability.io/vulnerability/CVE-2024-1926,SQL Injection Vulnerability in SourceCodester Inventory Management System,"A SQL injection vulnerability has been identified in the SourceCodester Free and Open Source Inventory Management System, specifically within the /app/ajax/search_sales_report.php file. This issue arises from inadequate validation of the 'customer' parameter, allowing attackers to manipulate SQL queries and potentially retrieve or modify sensitive data remotely. Given that this vulnerability has been publicly disclosed, it poses a significant risk to organizations using the affected version of the Inventory Management System. It is crucial for users to implement immediate remediation measures to safeguard their applications against potential exploitation.",Sourcecodester,Free And Open Source Inventory Management System,9.8,CRITICAL,0.0007900000200606883,false,,false,false,true,2024-02-27T17:00:12.000Z,true,false,false,,2024-02-27T17:00:12.007Z,0
CVE-2023-7157,https://securityvulnerability.io/vulnerability/CVE-2023-7157,SourceCodester Free and Open Source Inventory Management System sell_return_data.php sql injection,"A vulnerability exists in the SourceCodester Free and Open Source Inventory Management System, specifically in the processing of the '/app/ajax/sell_return_data.php' file. An attacker can exploit this flaw by manipulating the 'columns[0][data]' argument, enabling the execution of unauthorized SQL queries. This allows for potential data extraction and manipulation, jeopardizing the integrity of the affected system. The vulnerability may be triggered remotely, making it crucial for users to implement security measures to mitigate the risks associated with this issue.",SourceCodester,Free and Open Source Inventory Management System,9.8,CRITICAL,0.0014100000262260437,false,,false,false,false,,,false,false,,2023-12-29T06:15:00.000Z,0
CVE-2023-7155,https://securityvulnerability.io/vulnerability/CVE-2023-7155,SourceCodester Free and Open Source Inventory Management System edit_product.php sql injection,"A SQL injection vulnerability exists in the SourceCodester Free and Open Source Inventory Management System 1.0. This vulnerability is triggered by manipulating the 'id' argument in the edit_product.php file. A successful exploit allows an attacker to execute arbitrary SQL statements, potentially compromising the integrity of the database. The vulnerability can be exploited remotely, making it a significant concern for users of the affected software. It's crucial for organizations using this software to apply security measures to mitigate the risk.",SourceCodester,Free and Open Source Inventory Management System,8.8,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2023-12-29T05:15:00.000Z,0
CVE-2023-6306,https://securityvulnerability.io/vulnerability/CVE-2023-6306,SourceCodester Free and Open Source Inventory Management System member_data.php sql injection,"A security vulnerability has been identified in the SourceCodester Free and Open Source Inventory Management System that allows for SQL injection through manipulation of the 'columns' argument in the 'member_data.php' file. This flaw can be exploited remotely by attackers, potentially leading to unauthorized access to sensitive data stored in the database. Public knowledge of this exploit heightens the risk of attacks, necessitating immediate attention from users to safeguard their systems.",SourceCodester,Free and Open Source Inventory Management System,9.8,CRITICAL,0.0014100000262260437,false,,false,false,false,,,false,false,,2023-11-27T02:15:00.000Z,0
CVE-2023-6305,https://securityvulnerability.io/vulnerability/CVE-2023-6305,SourceCodester Free and Open Source Inventory Management System suppliar_data.php sql injection,"A vulnerability exists in SourceCodester's Free and Open Source Inventory Management System 1.0 that allows for SQL injection through improper handling of the 'columns' argument in the file ample/app/ajax/suppliar_data.php. This issue can be exploited remotely, potentially allowing an attacker to manipulate the database through crafted requests. Given the disclosure of this vulnerability, it poses a risk to systems that have not applied necessary mitigations.",SourceCodester,Free and Open Source Inventory Management System,9.8,CRITICAL,0.0014100000262260437,false,,false,false,false,,,false,false,,2023-11-27T01:15:00.000Z,0
CVE-2023-4449,https://securityvulnerability.io/vulnerability/CVE-2023-4449,SourceCodester Free and Open Source Inventory Management System sql injection,"A vulnerability has been identified in the SourceCodester Free and Open Source Inventory Management System version 1.0, specifically within the handling of the file /index.php?page=member. The flaw arises from improper validation of user input in the parameter columns[0][data], which opens the door to SQL injection attacks. This vulnerability enables an attacker to manipulate SQL queries executed by the application, potentially leading to unauthorized access to sensitive data. Given that the exploit is publicly known, immediate attention to patching and corrective measures is crucial to safeguard affected installations.",SourceCodester,Free and Open Source Inventory Management System,8.8,HIGH,0.003010000102221966,false,,false,false,false,,,false,false,,2023-08-21T02:15:00.000Z,0