
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 3

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. • https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py https://vuldb.com/?ctiid.249821 https://vuldb.com/?id.249821 • CWE-73: External Control of File Name or Path •

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. • https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py https://vuldb.com/?ctiid.249820 https://vuldb.com/?id.249820 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. • https://github.com/geraldoalcantara/CVE-2023-50070 https://medium.com/%40geraldoalcantarapro/cve-2023-50070-1f58c2a64b1c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal: '../filedir'. • https://medium.com/@2839549219ljk/medicine-tracking-system-rce-vulnerability-1f009165b915 https://vuldb.com/?ctiid.249137 https://vuldb.com/?id.249137 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-24: Path Traversal: '../filedir' •

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. • https://github.com/laoquanshi/Simple-Student-Attendance-System https://vuldb.com/?ctiid.248749 https://vuldb.com/?id.248749 • CWE-24: Path Traversal: '../filedir' •