sajaljat

4 exploits Active since Oct 2023
CVE-2024-1269 NOMISEC LOW NO CODE
SourceCodester Product Management System 1.0 - XSS
A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /supplier.php. The manipulation of the argument supplier_name/supplier_contact leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253012.
CVSS 2.4
CVE-2023-46449 NOMISEC HIGH WRITEUP
Mayurik Inventory Management System - Incorrect Permission Assignment
SourceCodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and take over the account via IDOR in the password change function.
CVSS 8.8
CVE-2023-46451 NOMISEC MEDIUM WRITEUP
Best Courier Management System v1.0 - XSS
Best Courier Management System v1.0 is vulnerable to Cross-Site Scripting (XSS) in the change username field.
CVSS 5.4
CVE-2023-46980 NOMISEC CRITICAL SUSPICIOUS
Best Courier Management System <1.0 - RCE
An issue in Best Courier Management System v1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter.
CVSS 9.8