Simple Client Management System Project Simple Client Management System — known CVE vulnerabilities
Every CVE whose affected-product data names Simple Client Management System Project Simple Client Management System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2022-29984 — CVSS 9.8 (critical): Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=.
CVE-2022-29983 — CVSS 9.8 (critical): Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=.
CVE-2021-43484 — CVSS 9.8 (critical): A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the…
CVE-2021-43506 — CVSS 9.8 (critical): An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php.
CVE-2021-43509 — CVSS 9.8 (critical): SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php.
CVE-2021-43510 — CVSS 9.8 (critical): SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.
CVE-2022-26284 — CVSS 9.8 (critical): Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client…
CVE-2022-26285 — CVSS 9.8 (critical): Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This…
CVE-2022-29747 — CVSS 9.8 (critical): Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id.
CVE-2022-29748 — CVSS 9.8 (critical): Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=.
CVE-2022-29749 — CVSS 9.8 (critical): Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice.
CVE-2022-29750 — CVSS 9.8 (critical): Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service.
CVE-2022-29751 — CVSS 9.8 (critical): Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client.
CVE-2022-29979 — CVSS 9.8 (critical): Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation.
CVE-2022-29980 — CVSS 9.8 (critical): Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=.
CVE-2022-29982 — CVSS 9.8 (critical): Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=.
CVE-2021-43505 — CVSS 5.4 (medium): Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourcecodester Simple Client Management System v1 via (1) Add new Client and…
CVE-2021-43657 — CVSS 5.4 (medium): A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows…