CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Jul 2024 — SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows a remote attacker to execute arbitrary code via the btn_login_b_Click function of the Loginpage.aspx. Hospital Management System Project in ASP.Net MVC version 1 suffers from a remote SQL injection vulnerability that allow... • https://packetstorm.news/files/id/179583 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Jun 2024 — CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter. • https://code-projects.org/health-care-hospital-in-php-css-js-and-mysql-free-download • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Jun 2024 — CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter. • https://code-projects.org/health-care-hospital-in-php-css-js-and-mysql-free-download • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Jun 2024 — CodeProjects Restaurant Reservation System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Date parameter at index.php. • https://code-projects.org/restaurant-reservation-system-in-php-with-source-code • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Jun 2024 — CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter. • https://code-projects.org/health-care-hospital-in-php-css-js-and-mysql-free-download • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Jun 2024 — Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the Staff Info page. • https://code-projects.org/health-care-hospital-in-php-css-js-and-mysql-free-download • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Feb 2024 — Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via a crafted POST request to /patient/edit-user.php. Hospital Man... • https://packetstorm.news/files/id/177326 • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Oct 2023 — A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/GodRone/Hospital-Management-System_SQL-injection/blob/main/Hospital%20Management%20System_SQL%20injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Sep 2023 — Hospital Management System through commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. • https://www.notion.so/SQL-Injection-vulnerability-in-app_contact-parameter-on-appsearch-php-directory-2e3daa8975164ee18217c52c43ae1a22 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Aug 2023 — A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file vm\patient\edit-user.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/CookedMelon/cve/tree/master/hospital/patient-edit • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')