10 results (0.007 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This issue affects some unknown processing of the file bwdates-report-result.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/laoquanshi/heishou/blob/main/niv%20-SQL https://github.com/laoquanshi/heishou/blob/main/sqlmap.png https://vuldb.com/?ctiid.248951 https://vuldb.com/?id.248951 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dhabaleshwar/niv_testing_sqliforgotpassword/blob/main/exploit.md https://vuldb.com/?ctiid.247341 https://vuldb.com/?id.247341 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file manage-phlebotomist.php. The manipulation of the argument pid leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dhabaleshwar/niv_testing_csrf/blob/main/exploit.md https://vuldb.com/?ctiid.246640 https://vuldb.com/?id.246640 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as problematic. This affects an unknown part of the file registered-user-testing.php. The manipulation of the argument regmobilenumber leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/dhabaleshwar/niv_testing_reflectedxss/blob/main/exploit.md https://vuldb.com/?ctiid.246615 https://vuldb.com/?id.246615 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add-phlebotomist.php. The manipulation of the argument empid/fullname leads to cross site scripting. The attack can be launched remotely. • https://github.com/dhabaleshwar/niv_testing_sxss/blob/main/exploit.md https://vuldb.com/?ctiid.246445 https://vuldb.com/?id.246445 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •