CVE-2024-37803
https://notcve.org/view.php?id=CVE-2024-37803
Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the Staff Info page.
• https://code-projects.org/health-care-hospital-in-php-css-js-and-mysql-free-download
• https://github.com/himanshubindra/CVEs/blob/main/CVE-2024-37803
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-37802
https://notcve.org/view.php?id=CVE-2024-37802
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter.
• https://code-projects.org/health-care-hospital-in-php-css-js-and-mysql-free-download
• https://github.com/SandeepRajauriya/CVEs/blob/main/CVE-2024-37802
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-38348
https://notcve.org/view.php?id=CVE-2024-38348
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter.
• https://code-projects.org/health-care-hospital-in-php-css-js-and-mysql-free-download
• https://github.com/SandeepRajauriya/CVEs/blob/main/CVE-2024-38348
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-0364 – PHPGurukul Hospital Management System query-details.php sql injection
https://notcve.org/view.php?id=CVE-2024-0364
A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to SQL injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131.
• https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL11.docx
• https://vuldb.com/?ctiid.250131
• https://vuldb.com/?id.250131
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-0363 – PHPGurukul Hospital Management System patient-search.php sql injection
https://notcve.org/view.php?id=CVE-2024-0363
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to SQL injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability.
• https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL10.docx
• https://vuldb.com/?ctiid.250130
• https://vuldb.com/?id.250130
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')