Page 40 of 298 results (0.004 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 2

PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report. PHPGurukul Blood Donor Management System 1.0 no restringe adecuadamente el acceso a admin/dashboard.php, lo que permite a los atacantes acceder a todos los datos de los usuarios, eliminarlos, agregar y administrar grupos sanguíneos y enviar informes. • https://github.com/RashidKhanPathan/CVE-2022-38813 https://drive.google.com/file/d/1iMswKzoUvindXUGh1cuAmi-0R84tLDaH/view?usp=sharing https://ihexcoder.wixsite.com/secresearch/post/cve-2022-38813-privilege-escalations-in-blood-donor-management-system-v1-0 https://phpgurukul.com/blood-donor-management-system-using-codeigniter • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2

Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. Phpgurukul Blood Donor Management System 1.0 permite Cross Site Scripting mediante la función Agregar nombre de grupo sanguíneo. • https://github.com/RashidKhanPathan/CVE-2022-40470 https://drive.google.com/file/d/1UDuez2CTscdWXYzyXLi3x8CMs9IWLL11/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. Hospital Management System v 4.0 es vulnerable a la inyección SQL a través del archivo: hospital/hms/admin/view-patient.php. • https://github.com/BigTiger2020/Hospital-Management-System/blob/main/Hospital%20Management%20System.md https://phpgurukul.com/hospital-management-system-in-php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. Employee Record Management System v 1.2 es vulnerable a Cross Site Scripting (XSS) a través de editempprofile.php. • https://github.com/BigTiger2020/Employee-Record-Management-System/blob/main/Employee%20Record%20Management%20System%20-%20xss.md https://phpgurukul.com/employee-record-management-system-in-php-and-mysql • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. Employee Record Management System v 1.2 es vulnerable a la inyección SQL a través de editempprofile.php. • https://github.com/BigTiger2020/Employee-Record-Management-System/blob/main/Employee%20Record%20Management%20System.md https://phpgurukul.com/employee-record-management-system-in-php-and-mysql • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •