Vulnerabilities > Purchase Order Management Project

DATE CVE VULNERABILITY TITLE RISK
2023-04-14 CVE-2023-29621 Unrestricted Upload of File with Dangerous Type vulnerability in Purchase Order Management Project Purchase Order Management 1.0
Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server.
8.8
2023-04-14 CVE-2023-29622 SQL Injection vulnerability in Purchase Order Management Project Purchase Order Management 1.0
Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.
network
low complexity
purchase-order-management-project CWE-89
critical
9.8
2023-04-14 CVE-2023-29623 Cross-site Scripting vulnerability in Purchase Order Management Project Purchase Order Management 1.0
Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.
network
low complexity
purchase-order-management-project CWE-79
6.1