An issue was discovered in Sales & Company Management System (SCMS) through 2018-12-05. There is a discrepancy in email checking between a component that does email code validation, and a component
that is the source client validation. Thus, it is possible to update a database query, leading to stored XSS.
This vulnerability occurred via member_email.php.
Enter an arbitrary email address and click the button; after a moment, you receive the validation code.
Now enter the code, update the email payload like this, and click the button.
Capture the packet via Burp Suite and generate the CSRF PoC.
Click the img tag.
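A server-side handler sketch for the email-change request described above, added here as an example and not taken from SCMS: it checks a CSRF token, re-validates the address on the server, ties the validation code to the address it was issued for, and encodes the value on output. The function names, field names and session keys are assumptions, and the sample requests are constructed.

```php
<?php
// Added example, not SCMS code. Function names, field names and session
// keys are hypothetical.

// Server-side check for the request that submits the new email and its code.
function validate_email_change(array $post, array $session): array
{
    // CSRF: the token must be present and equal to the one in the session.
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || !isset($session['csrf_token'])
        || !hash_equals($session['csrf_token'], $token)) {
        return [false, 'bad csrf token'];
    }
    // Re-validate the address on the server; client-side checks are advisory.
    $email = $post['email'] ?? '';
    if (!is_string($email) || strlen($email) > 254
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return [false, 'invalid email'];
    }
    // The code must have been issued for this exact address, so a code
    // obtained for one value cannot be used to store a different one.
    $code = $post['code'] ?? '';
    if (!is_string($code) || !isset($session['code'], $session['code_email'])
        || !hash_equals($session['code_email'], $email)
        || !hash_equals($session['code'], $code)) {
        return [false, 'code does not match address'];
    }
    return [true, $email];
}

// Output encoding where the stored value is rendered. This neutralises
// markup even if a bad value is already in the database.
function render_email(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data.
$session = ['csrf_token' => 'tok123', 'code' => '482913', 'code_email' => 'user@example.com'];
$requests = [
    'no token'      => ['email' => 'user@example.com', 'code' => '482913'],
    'changed email' => ['email' => '<img src=x>@example.com', 'code' => '482913', 'csrf_token' => 'tok123'],
    'legitimate'    => ['email' => 'user@example.com', 'code' => '482913', 'csrf_token' => 'tok123'],
];
foreach ($requests as $name => $req) {
    [$ok, $detail] = validate_email_change($req, $session);
    echo $name, ': ', $ok ? 'accepted' : 'rejected', ' (', render_email($detail), ")\n";
}
```

Input validation alone should not be relied on to stop the stored XSS; the encoding in `render_email` has to be applied wherever the address is displayed.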