CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2024-0265 – SourceCodester Clinic Queuing System GET Parameter index.php file inclusion
https://notcve.org/view.php?id=CVE-2024-0265
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. • https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py https://vuldb.com/?ctiid.249821 https://vuldb.com/?id.249821 • CWE-73: External Control of File Name or Path •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-0264 – SourceCodester Clinic Queuing System LoginRegistration.php authorization
https://notcve.org/view.php?id=CVE-2024-0264
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. • https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py https://vuldb.com/?ctiid.249820 https://vuldb.com/?id.249820 • CWE-639: Authorization Bypass Through User-Controlled Key •