Lucene search

Online Covid Vaccination Scheduler System Security Vulnerabilities

cve

CVE-2021-41930

Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to...

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-24 07:15 PM

cve

CVE-2021-37803

An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php...

8.1CVSS

8.5AI Score

0.002EPSS

2021-10-27 05:15 PM

cve

CVE-2021-36622

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the...

9.8CVSS

9.3AI Score

0.02EPSS

2021-08-03 06:15 PM

135

cve

CVE-2021-36621

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could...

8.1CVSS

8.4AI Score

0.008EPSS

2021-07-30 02:15 PM