21 matches found
CVE-2026-4908
The CVE-2026-4908 entry concerns code-projects Simple Laundry System 1.0. The vulnerability resides in the Parameter Handler’s modstaffinfo.php, where manipulating the userid parameter enables SQL injection. The flaw is exploitable remotely and has seen public exploit activity. Connected sources ...
CVE-2024-41309
An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system...
CVE-2024-38348
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter...
CVE-2024-37802
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter...
CVE-2024-41309
An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system...
CVE-2024-38348
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter...
CVE-2024-37802
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter...
Health Care hospital Management System SQL Injection Vulnerability
Health Care hospital Management System is an open source health care hospital management system from Code-Projects. A SQL injection vulnerability exists in Health Care hospital Management System v1.0, which originates from a SQL injection vulnerability in the searvalu parameter in the Staff Info...
PT-2024-27951 · Unknown · Codeprojects Health Care Hospital Management System
Name of the Vulnerable Software and Affected Versions: CodeProjects Health Care hospital Management System version 1.0 Description: The issue is related to a SQL injection vulnerability in the Staff Info module. This vulnerability can be exploited via the searvalu parameter. Recommendations: For...
CVE-2024-37802
CodeProjects Health Care hospital Management System v1.0 has a SQL injection flaw in the Patient Info module that is exploitable via the searvalu parameter. The vulnerability affects the Patient Info input handling and can lead to high-impact outcomes in confidentiality, integrity, and availabili...
CVE-2024-38348
CodeProjects Health Care hospital Management System v1.0 contains a SQL injection vulnerability in the Staff Info module reachable via the searvalu parameter. The issue is documented across multiple sources (NVD, CVE list, CNNVD, PT-Security, etc.) with the vulnerability impacting the Staff Info ...
PT-2024-27760 · Unknown · Codeprojects Health Care Hospital Management System
Name of the Vulnerable Software and Affected Versions: CodeProjects Health Care hospital Management System version 1.0 Description: The issue is related to a SQL injection vulnerability in the Patient Info module. This vulnerability is exploited via the searvalu parameter. Recommendations: For...
SUSE CVE-2012-3499
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
CVE-2015-4385
Cross-site scripting XSS vulnerability in unspecified administration pages in the Imagefield Info module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "Administer image styles" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-4385
The CVE concerns the Drupal Imagefield Info module (7.x-1.x) prior to 7.x-1.2. The issue is an XSS vulnerability in unspecified administration pages caused by inadequate sanitization, allowing remote authenticated users with the Administer image styles permission to inject arbitrary scripts or HT...
CVE-2015-4385
Cross-site scripting XSS vulnerability in unspecified administration pages in the Imagefield Info module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "Administer image styles" permission to inject arbitrary web script or HTML via unspecified vectors...
httpd: multiple XSS flaws due to unescaped hostnames
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
httpd: multiple XSS flaws due to unescaped hostnames
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
httpd: multiple XSS flaws due to unescaped hostnames
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
DEBIAN-CVE-2012-3499
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...