Simple Stock System
Monthly
A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
A security flaw has been discovered in code-projects Simple Stock System 1.0. Affected by this issue is some unknown functionality of the file /market/update.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Stored cross-site scripting (XSS) in Simple Stock System 1.0 via the /market/chatuser.php endpoint allows remote attackers to inject malicious scripts without authentication. User interaction is required for payload execution. Publicly available exploit code exists; EPSS score of 0.08% indicates low statistical exploitation probability despite XSS classification.
A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
SQL injection in Simple Stock System 1.0 via the Username parameter in /checkuser.php allows authenticated remote attackers to manipulate database queries with low impact to confidentiality, integrity, and availability. The CVSS 4.0 vector (PR:L) indicates login is required, but an EPSS score of 0.05% and very low CVSS base of 2.1 suggest minimal real-world exploitation risk despite public exploit availability.
A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
A security flaw has been discovered in code-projects Simple Stock System 1.0. Affected by this issue is some unknown functionality of the file /market/update.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Stored cross-site scripting (XSS) in Simple Stock System 1.0 via the /market/chatuser.php endpoint allows remote attackers to inject malicious scripts without authentication. User interaction is required for payload execution. Publicly available exploit code exists; EPSS score of 0.08% indicates low statistical exploitation probability despite XSS classification.
A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
SQL injection in Simple Stock System 1.0 via the Username parameter in /checkuser.php allows authenticated remote attackers to manipulate database queries with low impact to confidentiality, integrity, and availability. The CVSS 4.0 vector (PR:L) indicates login is required, but an EPSS score of 0.05% and very low CVSS base of 2.1 suggest minimal real-world exploitation risk despite public exploit availability.