Lucene search
K

930 matches found

Nuclei
Nuclei
added yesterday89 views

Doctor Appointment System 1.0 - SQL Injection

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. id: CVE-2021-27314 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: critical description: |...

9.8CVSS7.1AI score0.12394EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday52 views

Hospital Management System 1.0 - Cross-Site Scripting

Hospital Management System 1.0 contains a cross-site scripting vulnerability via the searchdata parameter in doctor/search.php and patient-search.php. id: CVE-2021-39411 info: name: Hospital Management System 1.0 - Cross-Site Scripting author: arafatansari severity: high description: | Hospital...

6.1CVSS6.4AI score0.0089EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday86 views

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. id: CVE-2021-27320 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind S...

7.5CVSS7AI score0.09299EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday51 views

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. id: CVE-2021-27315 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind...

7.5CVSS7AI score0.07826EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday47 views

Doctor Appointment System 1.0 - SQL Injection

SQL injection in the expertise parameter in searchresult.php in Doctor Appointment System v1.0. id: CVE-2021-27124 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: medium description: | SQL injection in the expertise parameter in searchresult.php in Doctor...

6.5CVSS6.7AI score0.05721EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday61 views

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter. id: CVE-2021-27316 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind SQ...

7.5CVSS7AI score0.07826EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday45 views

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter. id: CVE-2021-27319 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind SQL...

7.5CVSS7AI score0.07826EPSS
Exploits3References3
NVD
NVD
added 3 days ago6 views

CVE-2026-15073

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS0.00249EPSS
Exploits0References5
NVD
NVD
added 3 days ago6 views

CVE-2026-15072

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS0.00281EPSS
Exploits0References8
CVE
CVE
added 3 days ago8 views

CVE-2026-15072

The CVE-2026-15072 entry concerns the KiviCare – Clinic & Patient Management System (EHR) WordPress plugin, affected up to version 4.5.0. It describes a SQL Injection in the KCQueryBuilder via the 'orderby' parameter due to insufficient escaping and inadequate query preparation. Exploitation requ...

6.5CVSS6.1AI score0.00281EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-15072 KiviCare <= 4.5.0 - Authenticated (Doctor+) SQL Injection via 'orderby' Parameter in KCQueryBuilder

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS0.00281EPSS
Exploits0References8
CVE
CVE
added 3 days ago12 views

CVE-2026-15073

KiviCare – Clinic & Patient Management System (WordPress)

6.5CVSS6.1AI score0.00249EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 7:16 a.m.13 views

CVE-2026-13541

A weakness has been identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /doctorchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be performed from remote. The exploit has been made...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 7:16 a.m.12 views

CVE-2026-13542

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /doctorprofile.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 6:16 a.m.7 views

CVE-2026-13532

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /departmentDoctor.php. This manipulation of the argument deptid causes sql injection. It is possible to initiate the attack remotely. The exploit h...

6.5CVSS0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 6:15 a.m.35 views

CVE-2026-13542 itsourcecode Hospital Management System doctorprofile.php sql injection

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /doctorprofile.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS0.002EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 6:15 a.m.7 views

CVE-2026-13542

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /doctorprofile.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/29 6:0 a.m.8 views

EUVD-2026-40041

A weakness has been identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /doctorchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be performed from remote. The exploit has been made...

6.5CVSS5.7AI score0.002EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 6:0 a.m.14 views

CVE-2026-13541

The CVE-2026-13541 entry concerns itsourcecode Hospital Management System 1.0. Affected component: the /doctorchangepassword.php function where manipulating the newpassword parameter leads to SQL injection. Impact is indicated as remote exploitation with low to moderate severity across confidenti...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 6:0 a.m.34 views

CVE-2026-13541 itsourcecode Hospital Management System doctorchangepassword.php sql injection

A weakness has been identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /doctorchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be performed from remote. The exploit has been made...

6.5CVSS0.002EPSS
Exploits0References6
Rows per page
Query Builder