Lucene search
K

156 matches found

CNNVD
CNNVD
added 2023/08/08 12:0 a.m.5 views

Doctors Appointment System SQL Injection Vulnerability

Doctors Appointment System is a doctor appointment system from SourceCodester. A SQL injection vulnerability exists in SourceCodester Doctors Appointment System version 1.0, which stems from a SQL injection vulnerability in the parameter userremail...

7.5CVSS8.1AI score0.00669EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/08/06 12:0 a.m.5 views

Hospital Management System SQL Injection Vulnerability

A Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. A SQL injection vulnerability exists in the SourceCodester Free Hospital Management System, which originates from an SQL injection...

9.8CVSS7.8AI score0.00732EPSS
Exploits1References5
NVD
NVD
added 2023/06/27 2:15 p.m.33 views

CVE-2023-2628

The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary...

8.8CVSS8.7AI score0.00389EPSS
Exploits2References1
NVD
NVD
added 2023/06/27 2:15 p.m.54 views

CVE-2023-2627

The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings...

4.3CVSS4.7AI score0.00247EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/06/27 1:17 p.m.32 views

CVE-2023-2628 KiviCare Management System < 3.2.1 - Multiple CSRF

The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary...

8.8AI score0.00389EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/06/27 1:17 p.m.44 views

CVE-2023-2627 KiviCare Management System < 3.2.1 - Subscriber+ Unauthorised AJAX Calls

The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings...

5AI score0.00247EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.14 views

KiviCare Management System < 3.2.1 - Subscriber+ Unauthorised AJAX Calls

The plugin does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings PoC Run one of the below commands i...

4.3CVSS8.8AI score0.00247EPSS
Exploits2Affected Software1
Openbugbounty
Openbugbounty
added 2023/03/31 7:12 p.m.7 views

texaseyedoctors.com Cross Site Scripting vulnerability OBB-3243435

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score
Exploits0
OSV
OSV
added 2023/02/27 12:15 p.m.2 views

CVE-2023-1062

A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is possible to launch...

8.8CVSS6.5AI score0.007EPSS
Exploits1References3
OSV
OSV
added 2023/02/27 12:15 p.m.4 views

CVE-2023-1061

A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to sql injection. The attack may be initiated...

8.8CVSS5.8AI score0.00759EPSS
Exploits1References5
NVD
NVD
added 2023/02/27 12:15 p.m.16 views

CVE-2023-1062

A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is possible to launch...

8.8CVSS7.3AI score0.007EPSS
Exploits1References3
NVD
NVD
added 2023/02/27 12:15 p.m.21 views

CVE-2023-1061

A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to sql injection. The attack may be initiated...

8.8CVSS7.3AI score0.00759EPSS
Exploits1References5
OSV
OSV
added 2023/02/27 12:15 p.m.4 views

CVE-2023-1059

A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads to sql injection. The attack can be...

8.8CVSS6.6AI score0.00759EPSS
Exploits1References5
NVD
NVD
added 2023/02/27 12:15 p.m.14 views

CVE-2023-1063

A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection...

8.8CVSS7.3AI score0.00728EPSS
Exploits1References3
NVD
NVD
added 2023/02/27 12:15 p.m.11 views

CVE-2023-1058

A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...

8.8CVSS8AI score0.0076EPSS
Exploits1References3
OSV
OSV
added 2023/02/27 12:15 p.m.4 views

CVE-2023-1063

A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection...

8.8CVSS6.5AI score0.00728EPSS
Exploits1References3
NVD
NVD
added 2023/02/27 12:15 p.m.20 views

CVE-2023-1056

A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edoc/doctor/patient.php. The manipulation of the argument search12 leads to sql injection. The attack can be launch...

8.8CVSS7.3AI score0.007EPSS
Exploits1References3
OSV
OSV
added 2023/02/27 12:15 p.m.2 views

CVE-2023-1056

A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edoc/doctor/patient.php. The manipulation of the argument search12 leads to sql injection. The attack can be launch...

8.8CVSS6.6AI score
Exploits0References3
OSV
OSV
added 2023/02/27 12:15 p.m.3 views

CVE-2023-1057

A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been rated as critical. Affected by this issue is the function edoc of the file login.php. The manipulation of the argument usermail leads to sql injection. VDB-221822 is the identifier assigned to this vulnerabili...

8.8CVSS6.3AI score0.00728EPSS
Exploits1References3
NVD
NVD
added 2023/02/27 12:15 p.m.20 views

CVE-2023-1057

A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been rated as critical. Affected by this issue is the function edoc of the file login.php. The manipulation of the argument usermail leads to sql injection. VDB-221822 is the identifier assigned to this vulnerabili...

8.8CVSS6.6AI score0.00728EPSS
Exploits1References3
Rows per page
Query Builder