Page 12 of 88 results (0.008 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. La versión 378c157 de Hospital Management System permite omitir la autenticación. Esto es posible porque la aplicación es vulnerable a SQLI. • https://fluidattacks.com/advisories/alcocer https://github.com/projectworldsofficial/hospital-management-system-in-php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. Projectworldsl Assets-management-system-in-php 1.0 es vulnerable a la inyección SQL a través del parámetro "id" en delete.php. • https://github.com/Pegasus0xx/CVE-2023-43144 https://github.com/projectworldsofficial/Assets-management-system-in-php/issues/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. Online Examination System versión 1.0, sufre una vulnerabilidad de tipo Cross Site Scripting por medio del archivo index.php • https://packetstormsecurity.com/files/168549/Online-Examination-System-1.0-Cross-Site-Scripting.html https://projectworlds.in/free-projects/php-projects/online-examination • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php. Se ha detectado un problema en Projectworlds Hospital Management System versión v1.0. Los atacantes maliciosos no autorizados pueden añadir pacientes sin restricciones por medio del archivo add_patient.php • https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/6 • CWE-670: Always-Incorrect Control Flow Implementation •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database. Se ha detectado un problema en Online-Movie-Ticket-Booking-System versión 1.0. El archivo about.php no lleva a cabo la comprobación de entrada en el parámetro "id". • https://github.com/projectworldsofficial/Online-Movie-Ticket-Booking-System-in-php/issues/6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •