CVE-2020-26629 – Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
https://notcve.org/view.php?id=CVE-2020-26629
A jQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. Hospital Management System versions 4.0 and below suffer from cross-site scripting, remote shell upload, and remote SQL injection vulnerabilities. • https://packetstormsecurity.com/files/176302/Hospital-Management-System-4.0-XSS-Shell-Upload-SQL-Injection.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-7055 – PHPGurukul Online Notes Sharing System Contact Information profile.php access control
https://notcve.org/view.php?id=CVE-2023-7055
A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_parameter_tampering.md • https://vuldb.com/?ctiid.248742 • https://vuldb.com/?id.248742 • CWE-284: Improper Access Control • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2023-7054 – PHPGurukul Online Notes Sharing System add-notes.php unrestricted upload
https://notcve.org/view.php?id=CVE-2023-7054
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_malicious_fileupload.md • https://vuldb.com/?ctiid.248741 • https://vuldb.com/?id.248741 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-7053 – PHPGurukul Online Notes Sharing System signup.php weak password
https://notcve.org/view.php?id=CVE-2023-7053
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/note_weakpass.md • https://vuldb.com/?ctiid.248740 • https://vuldb.com/?id.248740 • CWE-521: Weak Password Requirements
CVE-2023-7052 – PHPGurukul Online Notes Sharing System profile.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-7052
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_profile_notes.md • https://vuldb.com/?ctiid.248739 • https://vuldb.com/?id.248739 • CWE-352: Cross-Site Request Forgery (CSRF)