CVE-2023-23026 is assigned
Link: https://www.sourcecodester.com/php-codeigniter-simple-sales-management-system-source-code
Mutiple XSS vulnerabilities.
The input (sources) are saved directly in the database.
// Controllers/Categories.php
$data = $this->input->post();
if ($insert_id = DB::save(TABLE_CATEGORIES, $data)) {
//...
}
// Controllers/Orders.php
$data = $this->input->post();
if(DB::save(TABLE_ORDERS, $data)){
//...
}
// Controllers/Products.php
$data = $this->input->post();
if ($insert_id = DB::save(TABLE_PRODUCTS, $data)) {
//...
}
Then the data will pass from the database to the views without sanitizing. 18 different sinks for XSS vulnerabilities.
For example:
// views/orders/print.php
<?php
$product_name = DB::get_cell(TABLE_PRODUCTS, $where, 'product_name');
?>
<td><?=$product_name ?></td>
<td><?=$products[$i]->qty ?></td>
// views/orders/manage.php
<td class="px-2 py-1 align-middle" id="customer_name-<?=$row->order_id ?>"><?=ucwords($row->customer_name) ?></td>
// views/orders/form.php
<?php foreach(DB::get(TABLE_PRODUCTS) as $row): ?>
<option value="<?=$row->product_id ?>"><?=ucfirst($row->product_name) ?> - <?=$row->product_price ?></option>
<?php endforeach; ?>
// views/products/manage.php
<small class="label label-light text-black border rounded-pill" ><?=ucfirst($row->category_name) ?></small>