22 matches found
CVE-2026-6602 rickxy Hospital Management System his_admin_account.php unrestricted upload
A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an unknown function of the file /backend/admin/his_admin_account.php. The manipulation of the argument addpic results in unrestricted upload. The attack can be executed remotel...
CVE-2025-63497
The CVE-2025-63497 entry concerns rickxy Hospital Management System v1.0, where the patient prescription viewing function his_doc_view_single_patient.php concatenates the GET parameter pat_number directly into SQL queries. This root cause enables SQL injection, allowing an authenticated doctor to...
CVE-2025-63497
The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. The pat_number GET parameter is directly concatenated into SQL queries without proper sanitization, allowing authenticated attacke...
CVE-2025-63497
The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. The pat_number GET parameter is directly concatenated into SQL queries without proper sanitization, allowing authenticated attacke...
EUVD-2022-51461
Malicious code in bioql PyPI...
EUVD-2022-51460
Malicious code in bioql PyPI...
CVE-2022-4090
A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to...
Cross-site request forgery (CSRF)
A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to...
CVE-2022-4088
A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to SQL injection. The attack may be launched remotely. The exploit...
CVE-2022-4089
A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has...
Cross site scripting
A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has...
SQL injection
A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to SQL injection. The attack may be launched remotely. The exploit...
PT-2022-25611 · Unknown · Rickxy Stock Management System
Name of the Vulnerable Software and Affected Versions: rickxy Stock Management System affected versions not specified Description: A vulnerability was found in the rickxy Stock Management System, affecting unknown code in the file /pages/processlogin.php. The manipulation of the user argument lea...
CVE-2022-4090
CVE-2022-4090: Cross-site request forgery in the rickxy Stock Management System affecting processing of us_transac.php?action=add. The issue allows remote initiation and exploitation, with public disclosure noted across multiple sources. Root cause is described as manipulation leading to CSRF; af...
CVE-2022-4089
The CVE-2022-4089 entry concerns the Rickxy Stock Management System. Affected component: the login processing page /pages/processlogin.php. Root cause: manipulation of the user argument enables cross-site scripting. Impact: results in client-side script execution, with exploitation possible remot...
CVE-2022-4089 rickxy Stock Management System processlogin.php cross site scripting
A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has...
CVE-2022-4090 rickxy Stock Management System cross-site request forgery
A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to...
PT-2022-25614 · Unknown · Rickxy Stock Management System
Name of the Vulnerable Software and Affected Versions: rickxy Stock Management System affected versions not specified Description: A vulnerability was found in the rickxy Stock Management System, classified as problematic. This issue affects some unknown processing of the file "us...
CVE-2022-4090 rickxy Stock Management System cross-site request forgery
A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to...
CVE-2022-4089 rickxy Stock Management System processlogin.php cross site scripting
A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has...