CVE-2022-24646
https://notcve.org/view.php?id=CVE-2022-24646
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters.
• https://github.com/kishan0725/Hospital-Management-System/issues/18 https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-24263 https://www.nu11secur1ty.com/2022/02/cve-2022-24263.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-24263 – Hospital Management System 4.0 - 'multiple' SQL Injection
https://notcve.org/view.php?id=CVE-2022-24263
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. Hospital Management System version 4.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Metin Yunus Kandemir in January of 2020.
• https://www.exploit-db.com/exploits/50718 http://packetstormsecurity.com/files/165882/Hospital-Management-System-4.0-SQL-Injection.html https://github.com/kishan0725/Hospital-Management-System/issues/17 https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-24263 https://github.com/truonghuuphuc/CVE https://www.nu11secur1ty.com/2022/02/cve-2022-24263.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-44317
https://notcve.org/view.php?id=CVE-2021-44317
In Bus Pass Management System v1.0, the parameters 'pagedes' and 'About Us' are affected by a stored cross-site scripting vulnerability.
• https://github.com/abhiunix/Bus-Pass-Management-System-v1.0/blob/master/xss https://github.com/abhiunix/Bus-Pass-Management-System-v1.0/blob/master/xss/Report_SXSS.pdf
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-44315
https://notcve.org/view.php?id=CVE-2021-44315
In Bus Pass Management System v1.0, directory listing/browsing is enabled on the web server, which allows an attacker to view the sensitive files of the application, for example any file that contains sensitive information of the user or server.
• https://github.com/abhiunix/Bus-Pass-Management-System-v1.0/blob/master/Directory%20listing/Report_Directory%20listing.pdf https://github.com/abhiunix/Bus-Pass-Management-System-v1.0/tree/master/Directory%20listing
• CWE-552: Files or Directories Accessible to External Parties
CVE-2021-44965
https://notcve.org/view.php?id=CVE-2021-44965
Directory traversal vulnerability in the /admin/includes/* directory of PHPGURUKUL Employee Record Management System 1.2. The attacker can retrieve and download sensitive information from the vulnerable server.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/PHPGURUKUL/ANUJ%20KUMAR/Employee-Record-Management-System
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')