Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Very High

CVE-2021-36624

Disclosure Date: July 30, 2021 (last updated November 28, 2024)
Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
1
Attacker Value
Unknown

CVE-2021-36560

Disclosure Date: November 02, 2021 (last updated November 28, 2024)
Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-36623

Disclosure Date: August 03, 2021 (last updated November 28, 2024)
Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-35337

Disclosure Date: July 01, 2021 (last updated November 28, 2024)
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0