CVE-2021-33470 – COVID-19 Testing Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2021-33470
COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. COVID19 Testing Management System versión 1.0, es vulnerable a una inyección de SQL por medio del panel de administración • http://packetstormsecurity.com/files/163014/COVID-19-Testing-Management-System-1.0-SQL-Injection.html https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-04 https://phpgurukul.com https://www.exploit-db.com/exploits/49886 https://www.nu11secur1ty.com/2021/08/covid-19-contact-tracing-system-web-app.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-33469
https://notcve.org/view.php?id=CVE-2021-33469
COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter. COVID19 Testing Management System versión 1.0 es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio del parámetro "Admin name" • https://phpgurukul.com https://www.exploit-db.com/exploits/49887 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •