CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2021-33470 – COVID-19 Testing Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2021-33470
COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. COVID19 Testing Management System versión 1.0, es vulnerable a una inyección de SQL por medio del panel de administración • http://packetstormsecurity.com/files/163014/COVID-19-Testing-Management-System-1.0-SQL-Injection.html https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-04 https://phpgurukul.com https://www.exploit-db.com/exploits/49886 https://www.nu11secur1ty.com/2021/08/covid-19-contact-tracing-system-web-app.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33469
https://notcve.org/view.php?id=CVE-2021-33469
COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter. COVID19 Testing Management System versión 1.0 es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio del parámetro "Admin name" • https://phpgurukul.com https://www.exploit-db.com/exploits/49887 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 4%CPEs: 1EXPL: 3CVE-2021-27545
https://notcve.org/view.php?id=CVE-2021-27545
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. Una inyección SQL en el componente "add-services.php" del PHPGurukul Beauty Parlour Management System versión v1.0, permite a atacantes remotos obtener información confidencial de la base de datos mediante la inyección de comandos SQL en el parámetro "sername" • https://github.com/BigTiger2020/Beauty-Parlour-Management-System https://packetstormsecurity.com/files/161468/Beauty-Parlour-Management-System-1.0-Cross-Site-Scripting.html https://www.exploit-db.com/exploits/49580 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-27544
https://notcve.org/view.php?id=CVE-2021-27544
Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en el componente "add-services.php" de PHPGurukul Beauty Parlor Management System versión v1.0, permite a atacantes remotos ejecutar código arbitrario inyectando HTML arbitrario en el parámetro "sername" • https://github.com/BigTiger2020/Beauty-Parlour-Management-System https://packetstormsecurity.com/files/161468/Beauty-Parlour-Management-System-1.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 16%CPEs: 1EXPL: 2CVE-2021-26809
https://notcve.org/view.php?id=CVE-2021-26809
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php. PHPGurukul Car Rental Project versión 2.0, sufre una vulnerabilidad de carga remota de shell en el archivo changeimage1.php • https://packetstormsecurity.com/files/161267/Car-Rental-Project-2.0-Shell-Upload.html https://www.exploit-db.com/exploits/49520 • CWE-434: Unrestricted Upload of File with Dangerous Type •