
CVSS: 6.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input <script>alert(1)</script> leads to cross-site scripting.
• https://code-projects.org
• https://vuldb.com/?ctiid.276261
• https://vuldb.com/?id.276261
• https://vuldb.com/?submit.398777
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely.
• https://code-projects.org
• https://github.com/maqingnan/cve/blob/main/sql2.md
• https://vuldb.com/?ctiid.275729
• https://vuldb.com/?id.275729
• https://vuldb.com/?submit.397418
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely.
• https://code-projects.org
• https://github.com/maqingnan/cve/blob/main/sql1.md
• https://vuldb.com/?ctiid.275728
• https://vuldb.com/?id.275728
• https://vuldb.com/?submit.397417
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. Affected is the function editManager of the file /index.php?action=editManager of the component Parameter Handler. The manipulation of the argument id as part of String leads to SQL injection. It is possible to launch the attack remotely.
• https://code-projects.org
• https://github.com/SYQGITHUB/cve/blob/main/sql1.md
• https://vuldb.com/?ctiid.275718
• https://vuldb.com/?id.275718
• https://vuldb.com/?submit.396817
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability was found in SourceCodester Pharmacy Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_website.php. The manipulation leads to unrestricted upload. The attack can be launched remotely.
• https://github.com/E1even-321/Pharmacy-system/blob/main/Pharmacy%20Management%20System%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf
• https://vuldb.com/?ctiid.236221
• https://vuldb.com/?id.236221
• CWE-434: Unrestricted Upload of File with Dangerous Type