CVE-2024-8147 – code-projects Pharmacy Management System index.php sql injection
https://notcve.org/view.php?id=CVE-2024-8147
A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. • https://code-projects.org https://github.com/maqingnan/cve/blob/main/sql2.md https://vuldb.com/?ctiid.275729 https://vuldb.com/?id.275729 https://vuldb.com/?submit.397418 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-8146 – code-projects Pharmacy Management System index.php sql injection
https://notcve.org/view.php?id=CVE-2024-8146
A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. • https://code-projects.org https://github.com/maqingnan/cve/blob/main/sql1.md https://vuldb.com/?ctiid.275728 https://vuldb.com/?id.275728 https://vuldb.com/?submit.397417 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-8138 – code-projects Pharmacy Management System Parameter index.php editManager sql injection
https://notcve.org/view.php?id=CVE-2024-8138
A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. Affected is the function editManager of the file /index.php?action=editManager of the component Parameter Handler. The manipulation of the argument id as part of String leads to sql injection. It is possible to launch the attack remotely. • https://code-projects.org https://github.com/SYQGITHUB/cve/blob/main/sql1.md https://vuldb.com/?ctiid.275718 https://vuldb.com/?id.275718 https://vuldb.com/?submit.396817 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •