CVE-2024-10987 – code-projects E-Health Care System user_appointment.php sql injection
https://notcve.org/view.php?id=CVE-2024-10987
A vulnerability was found in code-projects E-Health Care System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Doctor/user_appointment.php. The manipulation of the argument schedule_id/schedule_date/schedule_day/start_time/end_time/booking leads to sql injection. The attack can be launched remotely. • https://code-projects.org https://github.com/qqqbalabala/cve/blob/main/sql20.md https://vuldb.com/?ctiid.283453 https://vuldb.com/?id.283453 https://vuldb.com/?submit.437351 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10967 – code-projects E-Health Care System delete_user_appointment_request.php sql injection
https://notcve.org/view.php?id=CVE-2024-10967
A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file /Doctor/delete_user_appointment_request.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. • https://code-projects.org https://github.com/1104533685/cve/blob/main/sql.md https://vuldb.com/?ctiid.283416 https://vuldb.com/?id.283416 https://vuldb.com/?submit.437312 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10810 – code-projects E-Health Care System app_request.php sql injection
https://notcve.org/view.php?id=CVE-2024-10810
A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file Doctor/app_request.php. The manipulation of the argument app_id leads to sql injection. It is possible to launch the attack remotely. • https://code-projects.org https://github.com/wsy149433/cve/blob/main/sql19.md https://vuldb.com/?ctiid.283038 https://vuldb.com/?id.283038 https://vuldb.com/?submit.437018 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-707: Improper Neutralization •
CVE-2024-10809 – code-projects E-Health Care System chat.php sql injection
https://notcve.org/view.php?id=CVE-2024-10809
A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/Xueweian/cve/blob/main/sql18.md https://vuldb.com/?ctiid.283037 https://vuldb.com/?id.283037 https://vuldb.com/?submit.436759 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-707: Improper Neutralization •
CVE-2024-10808 – code-projects E-Health Care System req_detail.php sql injection
https://notcve.org/view.php?id=CVE-2024-10808
A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file Admin/req_detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/koevas257/cve/blob/main/sql.md https://vuldb.com/?ctiid.283036 https://vuldb.com/?id.283036 https://vuldb.com/?submit.436566 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-707: Improper Neutralization •