Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Sales \& Company Management System Project Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-19654 1 Sales \& Company Management System Project 1 Sales \& Company Management System 2020-06-02 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists.
CVE-2018-19925 1 Sales \& Company Management System Project 1 Sales \& Company Management System 2019-01-11 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter.
CVE-2018-19924 1 Sales \& Company Management System Project 1 Sales \& Company Management System 2019-01-11 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address.
CVE-2018-19923 1 Sales \& Company Management System Project 1 Sales \& Company Management System 2019-01-11 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF.