Vulnerabilities (CVE)

Filtered by vendor Ingredient Stock Management System Project Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-36690 1 Ingredient Stock Management System Project 1 Ingredient Stock Management System 2024-11-21 N/A 8.8 HIGH
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=.
CVE-2022-36689 1 Ingredient Stock Management System Project 1 Ingredient Stock Management System 2024-11-21 N/A 8.8 HIGH
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=.
CVE-2022-36688 1 Ingredient Stock Management System Project 1 Ingredient Stock Management System 2024-11-21 N/A 8.8 HIGH
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=.
CVE-2022-36687 1 Ingredient Stock Management System Project 1 Ingredient Stock Management System 2024-11-21 N/A 6.5 MEDIUM
Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.
CVE-2022-36686 1 Ingredient Stock Management System Project 1 Ingredient Stock Management System 2024-11-21 N/A 8.8 HIGH
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=.
CVE-2022-32311 1 Ingredient Stock Management System Project 1 Ingredient Stock Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.
CVE-2022-32310 1 Ingredient Stock Management System Project 1 Ingredient Stock Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.