Simple Customer Relationship Management System
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-43130 | Cri | 0.64 | 9.8 | 0.02 | Nov 3, 2021 | An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php. | ||
| CVE-2023-24732 | Hig | 0.57 | 8.8 | 0.01 | Mar 15, 2023 | Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the gender parameter in the user profile update function. | ||
| CVE-2023-24656 | Hig | 0.57 | 8.8 | 0.01 | Feb 27, 2023 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function. | ||
| CVE-2021-37221 | Hig | 0.57 | 8.8 | 0.01 | Oct 27, 2021 | A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file. . | ||
| CVE-2023-0917 | Hig | 0.48 | 7.3 | 0.01 | Feb 19, 2023 | A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0. This affects an unknown part of the file /php-scrm/login.php. The manipulation of the argument Password leads to sql injection. It is possible to… | ||
| CVE-2023-24204 | Med | 0.35 | 5.4 | 0.01 | May 14, 2024 | SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php. | ||
| CVE-2023-24203 | Med | 0.35 | 5.4 | 0.01 | May 14, 2024 | Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitary code via the company or query parameter(s). |
- risk 0.64cvss 9.8epss 0.02
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.
- risk 0.57cvss 8.8epss 0.01
Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the gender parameter in the user profile update function.
- risk 0.57cvss 8.8epss 0.01
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function.
- risk 0.57cvss 8.8epss 0.01
A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file. .
- risk 0.48cvss 7.3epss 0.01
A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0. This affects an unknown part of the file /php-scrm/login.php. The manipulation of the argument Password leads to sql injection. It is possible to…
- risk 0.35cvss 5.4epss 0.01
SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitary code via the company or query parameter(s).