CVE-2024-10023 – code-projects Pharmacy Management System add_new_medicine.php sql injection
https://notcve.org/view.php?id=CVE-2024-10023
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://gist.github.com/higordiego/01a35a20a4e20e937d384b677c000921 https://vuldb.com/?ctiid.280558 https://vuldb.com/?id.280558 https://vuldb.com/?submit.424483 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10022 – code-projects Pharmacy Management System manage_supplier.php sql injection
https://notcve.org/view.php?id=CVE-2024-10022
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_supplier.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. • https://code-projects.org https://gist.github.com/higordiego/2bd0a94e480906a60ce83b8a4ec26957 https://vuldb.com/?ctiid.280557 https://vuldb.com/?id.280557 https://vuldb.com/?submit.424337 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10021 – code-projects Pharmacy Management System manage_purchase.php sql injection
https://notcve.org/view.php?id=CVE-2024-10021
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the argument text leads to sql injection. • https://code-projects.org https://gist.github.com/higordiego/439f2af836c2c7d6075ba9de2e1169da https://vuldb.com/?ctiid.280556 https://vuldb.com/?id.280556 https://vuldb.com/?submit.424334 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-9976 – code-projects Pharmacy Management System manage_customer.php sql injection
https://notcve.org/view.php?id=CVE-2024-9976
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_customer.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. • https://code-projects.org https://gist.github.com/higordiego/b57040961b993cb5f1bfe0005f6b57be https://vuldb.com/?ctiid.280341 https://vuldb.com/?id.280341 https://vuldb.com/?submit.423448 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-8366 – code-projects Pharmacy Management System Update My Profile Page index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-8366
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input <script>alert(1)</script> leads to cross site scripting. • https://code-projects.org https://vuldb.com/?ctiid.276261 https://vuldb.com/?id.276261 https://vuldb.com/?submit.398777 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •