CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35117
https://notcve.org/view.php?id=CVE-2022-35117
Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via update_medicine_details.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical Details module. Se ha detectado que Clinics Patient Management System versión v1.0, contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del archivo update_medicine_details.php. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada inyectada en el cuadro de texto Packing del módulo Update Medical Details. • https://github.com/zhangzhaoyuela/bug_report/blob/main/vendors/oretnom23/clinics-patient-management-system/xss-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36242
https://notcve.org/view.php?id=CVE-2022-36242
Clinic's Patient Management System v1.0 is vulnerable to SQL Injection via /pms/update_medicine.php?id=. Clinics Patient Management System versión v1.0, es vulnerable a una inyección SQL por medio del archivo /pms/update_medicine.php?id=. • https://github.com/MouZhou/bug_report/blob/main/vendors/oretnom23/clinics-patient-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36270
https://notcve.org/view.php?id=CVE-2022-36270
Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php. Clinics Patient Management System versión v1.0, presenta ejecución de código arbitrario por medio de la url: ip/pms/users.php • https://github.com/FF9118/bug_report/blob/main/vendors/oretnom23/clinics-patient-management-system/RCE-1.md •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36750
https://notcve.org/view.php?id=CVE-2022-36750
Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=. Clinics Patient Management System versión v1.0, es vulnerable a una inyección SQL por medio de /pms/update_user.php?id= • https://github.com/FF9118/bug_report/blob/main/vendors/oretnom23/clinics-patient-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2298 – SourceCodester Clinics Patient Management System Login Page index.php sql injection
https://notcve.org/view.php?id=CVE-2022-2298
A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pms/index.php of the component Login Page. The manipulation of the argument user_name with the input admin' or '1'='1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/CyberThoth/CVE/blob/63e283e7d7dad3783237f15cdae2bb649bc1e198/CVE/Clinic%27s%20Patient%20Management%20System/SQLi/POC.md https://vuldb.com/?id.203179 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •