VYPR

E-Negosyo System

by Sourcecodester

CVEs (2)

  • CVE-2021-41674CriOct 29, 2021
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php.

  • CVE-2021-41675HigOct 29, 2021
    risk 0.47cvss 7.2epss 0.03

    A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. .