CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7226 – SourceCodester Medicine Tracker System Password Change cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-7226
30 Jul 2024 — A vulnerability was found in SourceCodester Medicine Tracker System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save_user of the component Password Change Handler. The manipulation leads to cross-site request forgery. • https://vuldb.com/?id.272806 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6419 – SourceCodester Medicine Tracker System sql injection
https://notcve.org/view.php?id=CVE-2024-6419
30 Jun 2024 — A vulnerability classified as critical was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=save_medicine. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. • https://github.com/jadu101/CVE/blob/main/SourceCodester_Medicine_Tracker_System_Master_php_sqli.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6418 – SourceCodester Medicine Tracker System sql injection
https://notcve.org/view.php?id=CVE-2024-6418
30 Jun 2024 — A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file /classes/Users.php?f=register_user. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/jadu101/CVE/blob/main/SourceCodester_Medicine_Tracker_System_Users_php_sqli.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7134 – SourceCodester Medicine Tracking System path traversal
https://notcve.org/view.php?id=CVE-2023-7134
28 Dec 2023 — A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal: '../filedir'. • https://medium.com/@2839549219ljk/medicine-tracking-system-rce-vulnerability-1f009165b915 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-24: Path Traversal: '../filedir' •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7123 – SourceCodester Medicine Tracking System sql injection
https://notcve.org/view.php?id=CVE-2023-7123
27 Dec 2023 — A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracking System 1.0. This issue affects some unknown processing of the file /classes/Master.php? f=save_medicine. The manipulation of the argument id/name/description leads to sql injection. The attack may be initiated remotely. • https://medium.com/@2839549219ljk/medicine-tracking-system-sql-injection-7b0dde3a82a4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5581 – SourceCodester Medicine Tracker System index.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5581
14 Oct 2023 — A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/GodRone/MedicineTrackerSystem/blob/main/Medicine%20Tracker%20System_XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30112
https://notcve.org/view.php?id=CVE-2023-30112
26 Apr 2023 — Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection. • https://github.com/Rajeshwar40/CVE/blob/main/CVE-2023-30112 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30106
https://notcve.org/view.php?id=CVE-2023-30106
25 Apr 2023 — Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about. • https://github.com/Rajeshwar40/CVE/blob/main/2023-30106 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30111
https://notcve.org/view.php?id=CVE-2023-30111
25 Apr 2023 — Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS). • https://github.com/Rajeshwar40/CVE/blob/main/2023-30111 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30458
https://notcve.org/view.php?id=CVE-2023-30458
24 Apr 2023 — A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of the supplied password. • https://github.com/d34dun1c02n/CVE-2023-30458 • CWE-203: Observable Discrepancy •