Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the updatemessagebyid and deletemessagebyid endpoints due to missing ownership validation for messages. An attacker can alter or remove messages belonging to other users by sending...

PT-2022-26736 · Unknown · Online Diagnostic Lab Management System

Name of the Vulnerable Software and Affected Versions: Online Diagnostic Lab Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/odlms/classes/Master.php?f=delete message" API endpoint...

CVE-2022-42241

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=deletemessage...

PT-2022-26327 · Unknown · Simple Cold Storage Management System

Name of the Vulnerable Software and Affected Versions: Simple Cold Storage Management System version 1.0 Description: The issue is related to SQL injection via the /csms/classes/Master.php?f=delete message endpoint. This allows for potential manipulation of database queries. Recommendations: For...

Patient Records Management System SQL注入漏洞

Sourcecodester Hospital Patient Records Management System is a web-based application that provides hospitals with an automated platform to store and manage their patient records. Management System is vulnerable to a SQL injection vulnerability that originates in the...