Lucene search
K

7 matches found

EUVD
EUVD
added 2026/04/05 9:30 p.m.3 views

EUVD-2019-20091

C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the usersselect.php endpoint with crafted S...

8.8CVSS6.2AI score0.00272EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/05 8:45 p.m.1 views

CVE-2019-25678

C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the usersselect.php endpoint with crafted S...

8.8CVSS6.2AI score0.00272EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.15 views

PT-2026-30486

C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users select.php endpoint with crafted...

8.8CVSS6.2AI score0.00272EPSS
Exploits1References3
OSV
OSV
added 2019/11/06 7:15 p.m.6 views

CVE-2019-5644

Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator...

9.8CVSS6.8AI score0.0132EPSS
Exploits3References1
NVD
NVD
added 2019/11/06 7:15 p.m.17 views

CVE-2019-5643

Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation...

5.3CVSS5.3AI score0.00902EPSS
Exploits2References1
Prion
Prion
added 2019/11/06 7:15 p.m.16 views

Improper access control

Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator...

7.5CVSS9.4AI score0.0132EPSS
Exploits3References1Affected Software1
exploitpack
exploitpack
added 2019/10/04 12:0 a.m.27 views

LabCollector 5.423 - SQL Injection

LabCollector 5.423 - SQL Injection Exploit Title: LabCollector Laboratory Information System 5.423 - Multiples SQL Injection Date: 09/09/2019 Software Links/Project: https://www.labcollector.com/clientarea/downloads.php Version: LabCollector Laboratory Information System 5.423 Exploit Author:...

0.1AI score
Exploits0
Rows per page
Query Builder