MidnightBSD

Advisories for purchase_order_management_project

CVE-2023-29621

Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server.

Products Affected

Vendor Product Version
purchase_order_management_project purchase_order_management 1.0
CVE-2023-29622

Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.

Products Affected

Vendor Product Version
purchase_order_management_project purchase_order_management 1.0
CVE-2023-29623

Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.

Products Affected

Vendor Product Version
purchase_order_management_project purchase_order_management 1.0