
CVE-2025-4888 – code-projects Pharmacy Management System Add Order Details take_order buffer overflow
https://notcve.org/view.php?id=CVE-2025-4888
18 May 2025 — A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. This affects the function medicineType::take_order of the component Add Order Details. The manipulation leads to buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2025-4811 – CodeAstro Pharmacy Management System Login index.php sql injection
https://notcve.org/view.php?id=CVE-2025-4811
16 May 2025 — A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Login. The manipulation of the argument Username leads to SQL injection. The attack may be launched remotely. • https://codeastro.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-10199 – code-projects Pharmacy Management System Manage Medicines Page manage_medicine.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10199
21 Oct 2024 — A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of the argument name/address/doctor_address/suppliers_name leads to cross-site scripting. The attack may be launched remotely. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-10198 – code-projects Pharmacy Management System Manage Customer Page manage_customer.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10198
21 Oct 2024 — A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The manipulation of the argument suppliers_name/address leads to cross-site scripting. The attack can be launched remotely. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-10197 – code-projects Pharmacy Management System Manage Supplier Page manage_supplier.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10197
21 Oct 2024 — A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross-site scripting. It is possible to launch the attack remotely. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-10196 – code-projects Pharmacy Management System add_new_invoice.php sql injection
https://notcve.org/view.php?id=CVE-2024-10196
21 Oct 2024 — A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /add_new_invoice.php. The manipulation of the argument text leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-10140 – code-projects Pharmacy Management System manage_supplier.php sql injection
https://notcve.org/view.php?id=CVE-2024-10140
19 Oct 2024 — A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. Affected by this issue is some unknown functionality of the file /manage_supplier.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/holypryx/CVE-2024-10140 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-10139 – code-projects Pharmacy Management System add_new_supplier.php sql injection
https://notcve.org/view.php?id=CVE-2024-10139
19 Oct 2024 — A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add_new_supplier.php. The manipulation of the argument name leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-10138 – code-projects Pharmacy Management System add_new_purchase.php sql injection
https://notcve.org/view.php?id=CVE-2024-10138
19 Oct 2024 — A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. Affected is an unknown function of the file /add_new_purchase.php?action=is_supplier. The manipulation of the argument name leads to SQL injection. It is possible to launch the attack remotely. • https://vuldb.com/?id.280926 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-10137 – code-projects Pharmacy Management System manage_medicine.php sql injection
https://notcve.org/view.php?id=CVE-2024-10137
19 Oct 2024 — A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /manage_medicine.php?action=delete. The manipulation of the argument id leads to SQL injection. • https://vuldb.com/?id.280925 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')