CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5004 – Hospital-management-system-in-php 378c157 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2023-5004
Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. La versión 378c157 de Hospital Management System permite omitir la autenticación. Esto es posible porque la aplicación es vulnerable a SQLI. • https://fluidattacks.com/advisories/alcocer https://github.com/projectworldsofficial/hospital-management-system-in-php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-43144
https://notcve.org/view.php?id=CVE-2023-43144
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. Projectworldsl Assets-management-system-in-php 1.0 es vulnerable a la inyección SQL a través del parámetro "id" en delete.php. • https://github.com/Pegasus0xx/CVE-2023-43144 https://github.com/projectworldsofficial/Assets-management-system-in-php/issues/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42066
https://notcve.org/view.php?id=CVE-2022-42066
Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. Online Examination System versión 1.0, sufre una vulnerabilidad de tipo Cross Site Scripting por medio del archivo index.php • https://packetstormsecurity.com/files/168549/Online-Examination-System-1.0-Cross-Site-Scripting.html https://projectworlds.in/free-projects/php-projects/online-examination • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45852
https://notcve.org/view.php?id=CVE-2021-45852
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php. Se ha detectado un problema en Projectworlds Hospital Management System versión v1.0. Los atacantes maliciosos no autorizados pueden añadir pacientes sin restricciones por medio del archivo add_patient.php • https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/6 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44866
https://notcve.org/view.php?id=CVE-2021-44866
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database. Se ha detectado un problema en Online-Movie-Ticket-Booking-System versión 1.0. El archivo about.php no lleva a cabo la comprobación de entrada en el parámetro "id". • https://github.com/projectworldsofficial/Online-Movie-Ticket-Booking-System-in-php/issues/6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •