CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 2CVE-2022-38813
https://notcve.org/view.php?id=CVE-2022-38813
PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report. PHPGurukul Blood Donor Management System 1.0 no restringe adecuadamente el acceso a admin/dashboard.php, lo que permite a los atacantes acceder a todos los datos de los usuarios, eliminarlos, agregar y administrar grupos sanguíneos y enviar informes. • https://github.com/RashidKhanPathan/CVE-2022-38813 https://drive.google.com/file/d/1iMswKzoUvindXUGh1cuAmi-0R84tLDaH/view?usp=sharing https://ihexcoder.wixsite.com/secresearch/post/cve-2022-38813-privilege-escalations-in-blood-donor-management-system-v1-0 https://phpgurukul.com/blood-donor-management-system-using-codeigniter • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-40470
https://notcve.org/view.php?id=CVE-2022-40470
Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. Phpgurukul Blood Donor Management System 1.0 permite Cross Site Scripting mediante la función Agregar nombre de grupo sanguíneo. • https://github.com/RashidKhanPathan/CVE-2022-40470 https://drive.google.com/file/d/1UDuez2CTscdWXYzyXLi3x8CMs9IWLL11/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-35387
https://notcve.org/view.php?id=CVE-2021-35387
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. Hospital Management System v 4.0 es vulnerable a la inyección SQL a través del archivo: hospital/hms/admin/view-patient.php. • https://github.com/BigTiger2020/Hospital-Management-System/blob/main/Hospital%20Management%20System.md https://phpgurukul.com/hospital-management-system-in-php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-37781
https://notcve.org/view.php?id=CVE-2021-37781
Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. Employee Record Management System v 1.2 es vulnerable a Cross Site Scripting (XSS) a través de editempprofile.php. • https://github.com/BigTiger2020/Employee-Record-Management-System/blob/main/Employee%20Record%20Management%20System%20-%20xss.md https://phpgurukul.com/employee-record-management-system-in-php-and-mysql • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-37782
https://notcve.org/view.php?id=CVE-2021-37782
Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. Employee Record Management System v 1.2 es vulnerable a la inyección SQL a través de editempprofile.php. • https://github.com/BigTiger2020/Employee-Record-Management-System/blob/main/Employee%20Record%20Management%20System.md https://phpgurukul.com/employee-record-management-system-in-php-and-mysql • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •