cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-3184,https://securityvulnerability.io/vulnerability/CVE-2023-3184,SourceCodester Sales Tracker Management System cross site scripting,A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164.,SourceCodester,Sales Tracker Management System,4.8,MEDIUM,0.0011399999493733048,false,,false,false,false,,,false,false,,2023-06-09T13:15:00.000Z,0
CVE-2023-1983,https://securityvulnerability.io/vulnerability/CVE-2023-1983,SourceCodester Sales Tracker Management System GET Parameter manage_product.php sql injection,"A SQL injection vulnerability exists in the Sales Tracker Management System 1.0 by SourceCodester, specifically in the file /admin/products/manage_product.php within the GET Parameter Handler module. This flaw allows an attacker to manipulate the 'id' parameter, potentially leading to unauthorized access to the database. The vulnerability can be exploited remotely, making it imperative for users to address it promptly. The public disclosure of this exploit heightens the urgency, and users are advised to implement security measures to safeguard their data.",SourceCodester,Sales Tracker Management System,9.8,CRITICAL,0.0026400000788271427,false,,false,false,false,,,false,false,,2023-04-11T17:15:00.000Z,0
CVE-2023-1292,https://securityvulnerability.io/vulnerability/CVE-2023-1292,SourceCodester Sales Tracker Management System Master.php delete_client sql injection,"A vulnerability has been identified in SourceCodester's Sales Tracker Management System version 1.0, where improper handling of the 'id' argument in the delete_client function within classes/Master.php allows attackers to execute SQL injection attacks. This flaw is exploitable remotely, facilitating unauthorized access to the database and the potential unauthorized manipulation of data. Given the public disclosure of the exploit, immediate remediation is essential to safeguard sensitive information from malicious entities.",SourceCodester,Sales Tracker Management System,9.8,CRITICAL,0.002309999894350767,false,,false,false,false,,,false,false,,2023-03-09T15:15:00.000Z,0
CVE-2023-1290,https://securityvulnerability.io/vulnerability/CVE-2023-1290,SourceCodester Sales Tracker Management System view_client.php sql injection,"A SQL injection vulnerability has been identified in the Sales Tracker Management System 1.0. This flaw resides in the file admin/clients/view_client.php, where improper input validation on the 'id' argument allows attackers to manipulate queries executed by the database. This type of attack can be launched remotely, posing a significant risk to data integrity and confidentiality. The exploit has been publicly disclosed, making it crucial for users of this software to apply security measures and updates promptly.",SourceCodester,Sales Tracker Management System,9.8,CRITICAL,0.002309999894350767,false,,false,false,false,,,false,false,,2023-03-09T15:15:00.000Z,0
CVE-2023-1291,https://securityvulnerability.io/vulnerability/CVE-2023-1291,SourceCodester Sales Tracker Management System manage_client.php sql injection,"A security vulnerability has been identified within the SourceCodester Sales Tracker Management System 1.0, located in the manage_client.php file of the admin directory. The vulnerability arises from improper validation of the argument used in SQL queries, allowing for SQL injection attacks. This flaw enables attackers to manipulate the 'id' argument, which may lead to unauthorized access and data exposure. Given its remote exploitation capability, security measures should be taken immediately to mitigate potential risks associated with this vulnerability.",SourceCodester,Sales Tracker Management System,9.8,CRITICAL,0.002309999894350767,false,,false,false,false,,,false,false,,2023-03-09T15:15:00.000Z,0
CVE-2023-0999,https://securityvulnerability.io/vulnerability/CVE-2023-0999,SourceCodester Sales Tracker Management System cross-site request forgery,"A cross-site request forgery (CSRF) vulnerability has been identified in the SourceCodester Sales Tracker Management System version 1.0. This vulnerability affects the administrative interface specifically within the code of the file admin/?page=user/list. Attackers can exploit this vulnerability to initiate unauthorized actions on behalf of users without their consent, leading to potential data manipulation or unauthorized access. The exploit is publicly available, highlighting the need for urgent updates and security measures to mitigate the associated risks.",SourceCodester,Sales Tracker Management System,8.8,HIGH,0.010859999805688858,false,,false,false,false,,,false,false,,2023-02-24T08:15:00.000Z,0
CVE-2023-0986,https://securityvulnerability.io/vulnerability/CVE-2023-0986,SourceCodester Sales Tracker Management System Edit User sql injection,"A SQL injection vulnerability in the SourceCodester Sales Tracker Management System version 1.0 allows attackers to manipulate the 'id' argument in the 'admin/?page=user/manage_user' file. This exploitation can be executed remotely, compromising user data and potentially allowing unauthorized access to the system. The vulnerability requires immediate attention to mitigate risks associated with unauthorized data manipulation and access.",SourceCodester,Sales Tracker Management System,9.8,CRITICAL,0.0041600000113248825,false,,false,false,false,,,false,false,,2023-02-23T16:15:00.000Z,0
CVE-2023-0964,https://securityvulnerability.io/vulnerability/CVE-2023-0964,SourceCodester Sales Tracker Management System view_product.php sql injection,"A SQL injection vulnerability exists in the SourceCodester Sales Tracker Management System version 1.0, specifically in the 'view_product.php' file located in the admin/products directory. The vulnerability is triggered by improper handling of the 'id' parameter, allowing attackers to manipulate SQL queries and execute arbitrary commands on the database. This exploitation can occur remotely, making it a significant concern for system administrators. Although the complexity of executing the attack is relatively high, successful exploitation could lead to unauthorized data exposure and system compromise.",SourceCodester,Sales Tracker Management System,8.1,HIGH,0.0028800000436604023,false,,false,false,false,,,false,false,,2023-02-22T19:15:00.000Z,0