Page 4 of 35 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. This issue affects some unknown processing of the file product/register.php. The manipulation of the argument category leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.279965 https://vuldb.com/?ctiid.279965 https://vuldb.com/?submit.418904 https://github.com/ppp-src/CVE/issues/10 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input <script>alert(1)</script> leads to cross site scripting. • https://code-projects.org https://vuldb.com/?ctiid.276261 https://vuldb.com/?id.276261 https://vuldb.com/?submit.398777 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. • https://code-projects.org https://github.com/maqingnan/cve/blob/main/sql2.md https://vuldb.com/?ctiid.275729 https://vuldb.com/?id.275729 https://vuldb.com/?submit.397418 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. • https://code-projects.org https://github.com/maqingnan/cve/blob/main/sql1.md https://vuldb.com/?ctiid.275728 https://vuldb.com/?id.275728 https://vuldb.com/?submit.397417 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. Affected is the function editManager of the file /index.php?action=editManager of the component Parameter Handler. The manipulation of the argument id as part of String leads to sql injection. It is possible to launch the attack remotely. • https://code-projects.org https://github.com/SYQGITHUB/cve/blob/main/sql1.md https://vuldb.com/?ctiid.275718 https://vuldb.com/?id.275718 https://vuldb.com/?submit.396817 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •