Lucene search
K

2088 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/29 3:15 a.m.8 views

CVE-2026-13530

A vulnerability was identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out remotel...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/29 3:15 a.m.40 views

CVE-2026-13530 itsourcecode Hospital Management System Appointment appointmentdetail.php sql injection

A vulnerability was identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out remotel...

6.5CVSS0.002EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 3:15 a.m.26 views

CVE-2026-13530

The vulnerability CVE-2026-13530 affects itsourcecode Hospital Management System 1.0, specifically the Appointment Handler component through the file /appointmentdetail.php. The issue arises from manipulating the argument editid, leading to an SQL injection. Evidence indicates the attack can be c...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 2:16 a.m.8 views

CVE-2026-13520

A vulnerability was determined in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipulation of the argument editid causes sql injection. The attack is possible to be carried out remotel...

6.5CVSS0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 12:45 a.m.6 views

EUVD-2026-40017

A vulnerability was determined in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipulation of the argument editid causes sql injection. The attack is possible to be carried out remotel...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 12:45 a.m.16 views

CVE-2026-13520

The CVE describes a SQL injection in itsourcecode Hospital Management System v1.0, affecting the file /appointmentapproval.php (component: Appointment Handler). The vulnerability is triggered by manipulating the editid parameter, enabling remote exploitation. Exploit evidence is indicated as publ...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 12:45 a.m.36 views

CVE-2026-13520 itsourcecode Hospital Management System Appointment appointmentapproval.php sql injection

A vulnerability was determined in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipulation of the argument editid causes sql injection. The attack is possible to be carried out remotel...

6.5CVSS0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.16 views

PT-2026-53200

Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description An issue exists in the Appointment Handler component within the /appointmentdetail.php endpoint. Remote manipulation of the editid argument allows for SQL injection, a technique...

6.5CVSS6.6AI score0.002EPSS
Exploits0References10
NVD
NVD
added 2026/06/28 1:16 p.m.9 views

CVE-2026-13497

A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment.php. This manipulation of the argument editid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and...

6.5CVSS0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/28 12:45 p.m.9 views

EUVD-2026-39995

A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment.php. This manipulation of the argument editid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
CVE
CVE
added 2026/06/28 12:45 p.m.16 views

CVE-2026-13497

The CVE-2026-13497 entry concerns itsourcecode Hospital Management System 1.0. The vulnerability resides in an unknown function of /appointment.php where manipulating the editid parameter triggers an SQL injection. This can be exploited remotely and has publicly disclosed exploit material (exploi...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 12:45 p.m.34 views

CVE-2026-13497 itsourcecode Hospital Management System appointment.php sql injection

A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment.php. This manipulation of the argument editid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and...

6.5CVSS0.00204EPSS
Exploits0References6
NVD
NVD
added 2026/06/19 6:17 a.m.15 views

CVE-2026-1856

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00193EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 4:31 a.m.13 views

EUVD-2026-37980

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 4:31 a.m.30 views

CVE-2026-1856 Appointment Booking Calendar <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Booking Field Label

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00193EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.7 views

CVE-2026-1856

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00193EPSS
Exploits0References5
NVD
NVD
added 2026/06/18 8:16 a.m.13 views

CVE-2026-12111

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...

4.3CVSS0.00285EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/18 6:50 a.m.10 views

EUVD-2026-37864

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...

4.3CVSS5.4AI score0.00285EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/18 6:50 a.m.37 views

CVE-2026-12111 Appointment Booking Calendar <= 1.4.01 - Authenticated (Contributor+) Sensitive Information Exposure via 'id' Parameter

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...

4.3CVSS0.00285EPSS
Exploits0References10
CVE
CVE
added 2026/06/18 6:50 a.m.21 views

CVE-2026-12111

The CVE describes a vulnerability in WordPress plugin Appointment Booking Calendar (

4.3CVSS5.5AI score0.00285EPSS
Exploits0References10
Rows per page
Query Builder