2088 matches found
CVE-2026-13530
A vulnerability was identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out remotel...
CVE-2026-13530 itsourcecode Hospital Management System Appointment appointmentdetail.php sql injection
A vulnerability was identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out remotel...
CVE-2026-13530
The vulnerability CVE-2026-13530 affects itsourcecode Hospital Management System 1.0, specifically the Appointment Handler component through the file /appointmentdetail.php. The issue arises from manipulating the argument editid, leading to an SQL injection. Evidence indicates the attack can be c...
CVE-2026-13520
A vulnerability was determined in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipulation of the argument editid causes sql injection. The attack is possible to be carried out remotel...
EUVD-2026-40017
A vulnerability was determined in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipulation of the argument editid causes sql injection. The attack is possible to be carried out remotel...
CVE-2026-13520
The CVE describes a SQL injection in itsourcecode Hospital Management System v1.0, affecting the file /appointmentapproval.php (component: Appointment Handler). The vulnerability is triggered by manipulating the editid parameter, enabling remote exploitation. Exploit evidence is indicated as publ...
CVE-2026-13520 itsourcecode Hospital Management System Appointment appointmentapproval.php sql injection
A vulnerability was determined in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipulation of the argument editid causes sql injection. The attack is possible to be carried out remotel...
PT-2026-53200
Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description An issue exists in the Appointment Handler component within the /appointmentdetail.php endpoint. Remote manipulation of the editid argument allows for SQL injection, a technique...
CVE-2026-13497
A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment.php. This manipulation of the argument editid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and...
EUVD-2026-39995
A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment.php. This manipulation of the argument editid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and...
CVE-2026-13497
The CVE-2026-13497 entry concerns itsourcecode Hospital Management System 1.0. The vulnerability resides in an unknown function of /appointment.php where manipulating the editid parameter triggers an SQL injection. This can be exploited remotely and has publicly disclosed exploit material (exploi...
CVE-2026-13497 itsourcecode Hospital Management System appointment.php sql injection
A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment.php. This manipulation of the argument editid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and...
CVE-2026-1856
The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2026-37980
The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1856 Appointment Booking Calendar <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Booking Field Label
The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1856
The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-12111
The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...
EUVD-2026-37864
The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...
CVE-2026-12111 Appointment Booking Calendar <= 1.4.01 - Authenticated (Contributor+) Sensitive Information Exposure via 'id' Parameter
The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...
CVE-2026-12111
The CVE describes a vulnerability in WordPress plugin Appointment Booking Calendar (