VYPR

Stock Management System

by Sourcecodester

CVEs (14)

  • CVE-2020-24197 | Critical | Sep 9, 2020
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    A SQL injection vulnerability in the login component in Stock Management System v1.0 allows a remote attacker to execute arbitrary SQL commands via the username parameter.

  • CVE-2024-5774 | High | Jun 9, 2024
    risk 0.48 | CVSS 7.3 | EPSS 0.01

    A vulnerability has been found in SourceCodester Stock Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument username/password leads to sql…

  • CVE-2025-4935 | High | May 19, 2025
    risk 0.47 | CVSS 7.3 | EPSS 0.00

    A vulnerability was found in SourceCodester Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/changePassword.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated…

  • CVE-2025-4283 | High | May 5, 2025
    risk 0.47 | CVSS 7.3 | EPSS 0.00

    A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Login.php?f=login. The manipulation of the argument Username leads to sql injection. The attack may be…

  • CVE-2020-23830 | High | Sep 2, 2020
    risk 0.46 | CVSS 7.1 | EPSS 0.01

    A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site.

  • CVE-2020-23831 | Medium | Sep 1, 2020
    risk 0.42 | CVSS 6.4 | EPSS 0.01

    A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters…

  • CVE-2025-4806 | Medium | May 16, 2025
    risk 0.41 | CVSS 6.3 | EPSS 0.00

    A vulnerability, which was classified as critical, has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=back_order/view_bo. The manipulation of the argument ID leads to sql…

  • CVE-2025-4787 | Medium | May 16, 2025
    risk 0.41 | CVSS 6.3 | EPSS 0.00

    A vulnerability classified as critical has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected is an unknown function of the file /admin/?page=sales/view_sale. The manipulation of the argument ID leads to sql injection. It is possible to launch the…

  • CVE-2025-4786 | Medium | May 16, 2025
    risk 0.41 | CVSS 6.3 | EPSS 0.00

    A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/?page=return/view_return. The manipulation of the argument ID leads to sql injection. The attack may be…

  • CVE-2025-4782 | Medium | May 16, 2025
    risk 0.41 | CVSS 6.3 | EPSS 0.00

    A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /sms/admin/?page=receiving/view_receiving&id=1. The manipulation of the argument ID leads to sql injection. The…

  • CVE-2024-5515 | Medium | May 30, 2024
    risk 0.41 | CVSS 6.3 | EPSS 0.01

    A vulnerability was found in SourceCodester Stock Management System 1.0. It has been classified as critical. Affected is an unknown function of the file createBrand.php. The manipulation of the argument brandName leads to sql injection. It is possible to launch the attack…

  • CVE-2020-24198 | Medium | Sep 9, 2020
    risk 0.40 | CVSS 6.1 | EPSS 0.01

    A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.'

  • CVE-2021-44114 | Medium | Jan 31, 2022
    risk 0.31 | CVSS 4.8 | EPSS 0.01

    A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to perform arbitrary remote code execution via the create user function.

  • CVE-2025-4282 | Medium | May 5, 2025
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save. The manipulation leads to cross-site request forgery. The attack can be initiated…