Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit af2b0592dc69 · 2026-03-09T03:31:40.000Z
GHSA-2h27-2gxp-mwg2 GHSA-37cp-xxfx-m7pj GHSA-r7cm-3qjx-j8fh GHSA-r9h9-fgfp-v4m4 GHSA-wvj6-8496-wm9r
diff --git a/advisories/unreviewed/2026/03/GHSA-2h27-2gxp-mwg2/GHSA-2h27-2gxp-mwg2.json b/advisories/unreviewed/2026/03/GHSA-2h27-2gxp-mwg2/GHSA-2h27-2gxp-mwg2.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2h27-2gxp-mwg2",
+  "modified": "2026-03-09T03:30:20Z",
+  "published": "2026-03-09T03:30:20Z",
+  "aliases": [
+    "CVE-2026-3793"
+  ],
+  "details": "A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3793"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-SalesInvoice1-sellid.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349760"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349760"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.768048"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-09T03:15:49Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-37cp-xxfx-m7pj/GHSA-37cp-xxfx-m7pj.json b/advisories/unreviewed/2026/03/GHSA-37cp-xxfx-m7pj/GHSA-37cp-xxfx-m7pj.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-37cp-xxfx-m7pj",
+  "modified": "2026-03-09T03:30:20Z",
+  "published": "2026-03-09T03:30:20Z",
+  "aliases": [
+    "CVE-2026-3791"
+  ],
+  "details": "A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulation of the argument searchtxt leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3791"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-Dashboard-searchtxt.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349758"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349758"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.768046"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-09T01:15:47Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-r7cm-3qjx-j8fh/GHSA-r7cm-3qjx-j8fh.json b/advisories/unreviewed/2026/03/GHSA-r7cm-3qjx-j8fh/GHSA-r7cm-3qjx-j8fh.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r7cm-3qjx-j8fh",
+  "modified": "2026-03-09T03:30:20Z",
+  "published": "2026-03-09T03:30:20Z",
+  "aliases": [
+    "CVE-2026-3792"
+  ],
+  "details": "A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchase_invoice.php of the component GET Parameter Handler. The manipulation of the argument purchaseid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3792"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-PurchaseInvoice-purchaseid.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349759"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349759"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.768047"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-09T02:15:47Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-r9h9-fgfp-v4m4/GHSA-r9h9-fgfp-v4m4.json b/advisories/unreviewed/2026/03/GHSA-r9h9-fgfp-v4m4/GHSA-r9h9-fgfp-v4m4.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r9h9-fgfp-v4m4",
+  "modified": "2026-03-09T03:30:20Z",
+  "published": "2026-03-09T03:30:20Z",
+  "aliases": [
+    "CVE-2026-3795"
+  ],
+  "details": "A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3795"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349762"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349762"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.768241"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-09T03:15:49Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-wvj6-8496-wm9r/GHSA-wvj6-8496-wm9r.json b/advisories/unreviewed/2026/03/GHSA-wvj6-8496-wm9r/GHSA-wvj6-8496-wm9r.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wvj6-8496-wm9r",
+  "modified": "2026-03-09T03:30:20Z",
+  "published": "2026-03-09T03:30:20Z",
+  "aliases": [
+    "CVE-2026-3794"
+  ],
+  "details": "A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3794"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349761"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349761"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.768239"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-287"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-09T03:15:49Z"
+  }
+}
