CVE-2024-57523
- EPSS 0.41%
- Veröffentlicht 06.02.2025 19:15:19
- Zuletzt bearbeitet 22.04.2025 20:06:16
Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user.
CVE-2024-57522
- EPSS 1.21%
- Veröffentlicht 03.02.2025 13:15:21
- Zuletzt bearbeitet 22.04.2025 20:08:29
SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.
CVE-2024-48427
- EPSS 13.39%
- Veröffentlicht 24.10.2024 19:15:15
- Zuletzt bearbeitet 31.10.2024 00:07:25
A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manage_service&id
CVE-2023-46956
- EPSS 2.08%
- Veröffentlicht 30.11.2023 23:15:07
- Zuletzt bearbeitet 21.11.2024 08:29:33
SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file.
CVE-2023-46435
- EPSS 0.07%
- Veröffentlicht 26.10.2023 18:15:08
- Zuletzt bearbeitet 21.11.2024 08:28:31
Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id.
CVE-2023-30415
- EPSS 0.14%
- Veröffentlicht 28.09.2023 16:15:10
- Zuletzt bearbeitet 21.11.2024 08:00:08
Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php.