5 matches found
CVE-2024-28303
Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php...
CVE-2024-28303
Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php...
CVE-2024-28303
Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php...
CVE-2024-28303
Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php...
CVE-2024-28303
Open Source Medicine Ordering System v1.0 is vulnerable to a SQL injection via the date parameter in /admin/reports/index.php. Affected component: the web application’s reports endpoint. Root cause (as described): unsafely interpolating user-supplied date input into SQL queries leading to potenti...