Sales & Company Management System Project: Security Vulnerabilities
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-12-06
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-06
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-12-06
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-11-29