Filtered by vendor Sales \& Company Management System Project
Subscribe
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-19654 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2020-06-02 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists. | |||||
CVE-2018-19925 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2019-01-11 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter. | |||||
CVE-2018-19924 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2019-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address. | |||||
CVE-2018-19923 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2019-01-11 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF. |