Simple Inventory System
SQL injection in SourceCodester Simple Inventory System 1.0 via the uemail parameter in /user.php allows authenticated remote attackers to manipulate database queries with low impact. The CVSS score of 2.1 reflects the low severity that follows from the authentication requirement and limited scope. A public exploit exists, but an EPSS percentile of 8% indicates below-average likelihood of real-world exploitation despite PoC availability.
SQL injection in SourceCodester Simple Inventory System 1.0 via the editBrandName parameter in /brand.php allows authenticated remote attackers to manipulate database queries with low confidentiality, integrity, and availability impact. The CVSS score of 2.1 reflects the limited scope (authenticated access required, low impact on the CIA triad). Exploit code is publicly available, though the probability of real-world exploitation is minimal (EPSS 0.03%, 8th percentile).