Small Crm Project Small Crm — known CVE vulnerabilities
Every CVE whose affected-product data names Small Crm Project Small Crm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2023-50035 — CVSS 9.8 (critical): PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the…
CVE-2020-5511 — CVSS 8.8 (high): PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page.
CVE-2023-45394 — CVSS 5.4 (medium): Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker…
CVE-2023-43331 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or…
CVE-2022-47073 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or…
CVE-2023-44075 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to…