汇总 simple_client_management_system_project 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 SQL 注入与跨站脚本,在 生产负载与软件部署 使用场景中可能带来 数据泄露与会话劫持 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2021-43657 | A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields. | [email protected] | 5.4 | 0.72% | 2022-12-21 | 2026-06-17 |
| CVE-2022-29984 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=. | [email protected] | 9.8 | 1.63% | 2022-05-12 | 2026-06-17 |
| CVE-2022-29983 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=. | [email protected] | 9.8 | 1.63% | 2022-05-12 | 2026-06-17 |
| CVE-2022-29982 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=. | [email protected] | 9.8 | 1.57% | 2022-05-12 | 2026-06-17 |
| CVE-2022-29981 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete. | [email protected] | 9.8 | 1.57% | 2022-05-12 | 2026-06-17 |
| CVE-2022-29980 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=. | [email protected] | 9.8 | 1.57% | 2022-05-12 | 2026-06-17 |
| CVE-2022-29979 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation. | [email protected] | 9.8 | 1.57% | 2022-05-12 | 2026-06-17 |
| CVE-2022-29751 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client. | [email protected] | 9.8 | 1.57% | 2022-05-12 | 2026-06-17 |
| CVE-2022-29750 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. | [email protected] | 9.8 | 1.57% | 2022-05-12 | 2026-06-17 |
| CVE-2022-29749 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. | [email protected] | 9.8 | 1.57% | 2022-05-12 | 2026-06-17 |
| CVE-2022-29748 | Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=. | [email protected] | 9.8 | 1.57% | 2022-05-12 | 2026-06-17 |
| CVE-2022-29747 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. | [email protected] | 9.8 | 1.57% | 2022-05-12 | 2026-06-17 |
| CVE-2021-43484 | A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. | [email protected] | 9.8 | 3.31% | 2022-03-31 | 2026-06-17 |
| CVE-2021-43506 | An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php. | [email protected] | 9.8 | 1.57% | 2022-03-31 | 2026-06-17 |
| CVE-2021-43505 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice. | [email protected] | 5.4 | 0.53% | 2022-03-31 | 2026-06-17 |
| CVE-2022-26285 | Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | [email protected] | 9.8 | 2.00% | 2022-03-21 | 2026-06-17 |
| CVE-2022-26284 | Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | [email protected] | 9.8 | 1.95% | 2022-03-21 | 2026-06-17 |
| CVE-2021-43510 | SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php. | [email protected] | 9.8 | 7.51% | 2022-02-01 | 2026-06-17 |
| CVE-2021-43509 | SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php. | [email protected] | 9.8 | 1.82% | 2022-02-01 | 2026-06-17 |