CVE-2022-38610

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php...

PT-2022-26235 · Unknown · Online Diagnostic Lab Management System

Name of the Vulnerable Software and Affected Versions: Online Diagnostic Lab Management System version 1.0 Description: The issue concerns SQL Injection, which can be exploited via the "/diagnostic/editclient.php?id=" API endpoint. This allows for potential manipulation of database queries by...

PT-2022-19958 · Unknown · Insurance Management System

Name of the Vulnerable Software and Affected Versions: Insurance Management System version 1.0 Description: The issue allows for SQL Injection via the "/insurance/editClient.php" endpoint, specifically through the client id variable. This could potentially lead to unauthorized access or...

CVE-2021-41917

webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and...