Simplecustomer
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-1637 | 0.03 | — | 0.02 | May 15, 2009 | profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters. | |||
| CVE-2008-6332 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||
| CVE-2008-6326 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2008-6081 | 0.03 | — | 0.01 | Feb 6, 2009 | SQL injection vulnerability in contact.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
- CVE-2009-1637May 15, 2009risk 0.03cvss —epss 0.02
profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters.
- CVE-2008-6332Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter.
- CVE-2008-6326Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-6081Feb 6, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in contact.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.