CVE-2022-43226

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/viewappointment...

CVE-2022-43227

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/viewappointment...

CVE-2022-43226

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/viewappointment...

CVE-2022-43227

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/viewappointment...

CVE-2022-43226

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/viewappointment...

Online Diagnostic Lab Management System SQL注入漏洞

Online Diagnostic Lab Management System is an online diagnostic lab management system. Online Diagnostic Lab Management System v1.0 has a SQL injection vulnerability, which can be exploited to perform SQL injection via the id parameter of /odlms/admin/?page=appointments/viewappointment...

Online Diagnostic Lab Management System SQL注入漏洞

Online Diagnostic Lab Management System is an online diagnostic lab management system. A SQL injection vulnerability exists in Online Diagnostic Lab Management System v1.0, which can be exploited by an attacker to perform SQL injection via the id parameter of...

PT-2022-26801 · Unknown · Online Diagnostic Lab Management System

Name of the Vulnerable Software and Affected Versions: Online Diagnostic Lab Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/odlms/?page=appointments/view appointment" API endpoint...

CVE-2022-43125

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manageappointment.php...

Sql injection

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/updatestatus.php...

Sql injection

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manageappointment.php...

CVE-2022-43125

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manageappointment.php...

Joomla Vik Appointments 1.7.3 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

CVE-2022-2374

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite se...

CVE-2022-2373

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address...

CVE-2022-2373

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address...

CVE-2022-2373

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address...

Authentication flaw

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address...

Cross site scripting

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite se...

CVE-2022-2374 Simply Schedule Appointments < 1.5.7.7 - Admin+ Stored Cross-Site Scripting

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite se...