Packers and Movers Management System
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-48427 | 0.01 | — | 0.01 | Oct 24, 2024 | A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manage_service&id | |||
| CVE-2024-57523 | 0.00 | — | 0.00 | Feb 6, 2025 | Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user. | |||
| CVE-2024-57522 | 0.00 | — | 0.01 | Feb 3, 2025 | SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation. | |||
| CVE-2023-46435 | 0.00 | — | 0.01 | Oct 26, 2023 | Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. | |||
| CVE-2023-30415 | 0.00 | — | 0.01 | Sep 28, 2023 | Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. |
- CVE-2024-48427Oct 24, 2024risk 0.01cvss —epss 0.01
A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manage_service&id
- CVE-2024-57523Feb 6, 2025risk 0.00cvss —epss 0.00
Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user.
- CVE-2024-57522Feb 3, 2025risk 0.00cvss —epss 0.01
SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.
- CVE-2023-46435Oct 26, 2023risk 0.00cvss —epss 0.01
Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id.
- CVE-2023-30415Sep 28, 2023risk 0.00cvss —epss 0.01
Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php.