CVE-2024-8555 – SourceCodester Clinics Patient Management System congratulations.php redirect
https://notcve.org/view.php?id=CVE-2024-8555
A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. It is possible to launch the attack remotely. • https://vuldb.com/?id.276774 https://vuldb.com/?ctiid.276774 https://vuldb.com/?submit.402386 https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Open-Redirect.md https://www.sourcecodester.com • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2024-8554 – SourceCodester Clinics Patient Management System users.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-8554
A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. This issue affects some unknown processing of the file /users.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Reflected-XSS.md https://vuldb.com/?ctiid.276773 https://vuldb.com/?id.276773 https://vuldb.com/?submit.402384 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7930 – SourceCodester Clinics Patient Management System get_packings.php sql injection
https://notcve.org/view.php?id=CVE-2024-7930
A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pms/ajax/get_packings.php. The manipulation of the argument medicine_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Pingxy/cve/blob/main/sql.md https://vuldb.com/?ctiid.275116 https://vuldb.com/?id.275116 https://vuldb.com/?submit.392934 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-7841 – SourceCodester Clinics Patient Management System check_user_name.php sql injection
https://notcve.org/view.php?id=CVE-2024-7841
A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System 1.0. This vulnerability affects unknown code of the file /pms/ajax/check_user_name.php. The manipulation of the argument user_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/qqlove555/cve/blob/main/sql.md https://vuldb.com/?ctiid.274744 https://vuldb.com/?id.274744 https://vuldb.com/?submit.391540 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-7754 – SourceCodester Clinics Patient Management System check_medicine_name.php sql injection
https://notcve.org/view.php?id=CVE-2024-7754
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ajax/check_medicine_name.php. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. • https://github.com/Wsstiger/cve/blob/main/Clinic's_sql3.md https://vuldb.com/?ctiid.274373 https://vuldb.com/?id.274373 https://vuldb.com/?submit.389367 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •