CVE-2022-40471
https://notcve.org/view.php?id=CVE-2022-40471
Remote Code Execution in Clinic's Patient Management System v 1.0 allows an attacker to upload an arbitrary PHP webshell via the profile picture upload functionality in users.php. • https://github.com/RashidKhanPathan/CVE-2022-40471 https://drive.google.com/file/d/1m-wTfOL5gY3huaSEM3YPSf98qIrkl-TW/view?usp=sharing https://www.sourcecodester.com/php-clinics-patient-management-system-source-code • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-3122 – SourceCodester Clinics Patient Management System medicine_details.php sql injection
https://notcve.org/view.php?id=CVE-2022-3122
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to SQL injection. The attack may be launched remotely. • https://github.com/joinia/webray.com.cn/blob/main/Clinic%27s-Patient-Management-System/cpmssql.md https://vuldb.com/?id.207854 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-3120 – SourceCodester Clinics Patient Management System Login index.php sql injection
https://notcve.org/view.php?id=CVE-2022-3120
A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument user_name leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/joinia/webray.com.cn/blob/main/Clinic%27s-Patient-Management-System/cpms.md https://vuldb.com/?id.207847 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-36609
https://notcve.org/view.php?id=CVE-2022-36609
Clinic's Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php. • https://github.com/Lendme1996/bug_report/blob/main/vendors/oretnom23/clinics-patient-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-36251
https://notcve.org/view.php?id=CVE-2022-36251
Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php. • https://github.com/ZhenKaiHe/bug_report/blob/main/vendors/onetnom23/clinics-patient-management-system/XSS-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •