CVE-2023-37070
Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)...
Sql injection
Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login...
CVE-2023-37069
Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection due to failure to validate input in the login id and password fields, allowing attackers to inject SQL into queries. The vulnerability is tied to the login process and could enable manipulation of backend queries....
CVE-2023-37069
Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login...
CVE-2023-37068
Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password field...
Sql injection
Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password field...
PT-2023-25781 · Code Projects · Code-Projects Gym Management System
Name of the Vulnerable Software and Affected Versions: Code-Projects Gym Management System version V1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This arises due to...
CVE-2023-37068
Code-Projects Gym Management System v1.0 is affected by a SQL injection in the login form caused by insufficient validation of username and password input. This vulnerability enables remote attackers to run arbitrary SQL commands, leading to unauthorized access and potential data manipulation. Ex...
CVE-2023-37627
CVE-2023-37627 affects Code-projects Online Restaurant Management System 1.0. The vulnerability is an SQL Injection that can bypass the admin panel and allow viewing order records and adding or deleting items. Some connected data indicates a PoC exists, suggesting exploitation may be de...
CVE-2023-3339
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument test_id leads to sql injection. The attack can be launched remotely...
CVE-2023-3339
CVE-2023-3339 affects code-projects Agro-School Management System 1.0, specifically the exam-delete.php functionality. The root cause is SQL injection triggered by manipulating the test_id parameter, allowing remote exploitation. Multiple sources confirm the impact as a database query manipulatio...
CVE-2023-3339 code-projects Agro-School Management System exam-delete.php sql injection
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument test_id leads to sql injection. The attack can be launched remotely...
CVE-2023-3310 code-projects Agro-School Management System loaddata.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Agro-School Management System 1.0. Affected by this issue is some unknown functionality of the file loaddata.php. The manipulation of the argument subject/course leads to sql injection. The attack may be launched...
Design/Logic Flaw
A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The...
CVE-2023-3274 code-projects Supplier Management System Picture btn_functions.php unrestricted upload
A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The...
CVE-2023-3094
The CVE-2023-3094 entry affects code-projects Agro-School Management System 1.0, with the doUpdateQuestion function in btn_functions.php vulnerable to SQL injection via the question_id parameter. Publicly disclosed exploit guidance is available, and remote access is possible. The issue is referen...
CVE-2023-3062
A vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The identifier o...
Cross site scripting
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated...