Venan24/SCMS

Releases0

Sales & Company Management System

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-19923 ↗	Dec 6, 2018Thursday, 6 December 2018, 23:29	—	6.8 MEDIUM
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF.
CVE-2018-19924 ↗	Dec 6, 2018Thursday, 6 December 2018, 23:29	—	4.3 MEDIUM
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address.
CVE-2018-19925 ↗	Dec 6, 2018Thursday, 6 December 2018, 23:29	—	7.5 HIGH
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter.
CVE-2018-19654 ↗	Nov 29, 2018Thursday, 29 November 2018, 05:29	7.5 HIGH	5 MEDIUM
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists.