Lucene search
K

93 matches found

CNVD
CNVD
added 2022/07/15 12:0 a.m.82 views

Clinics Patient Management System SQL Injection Vulnerability

Clinics Patient Management System is a clinic patient management system. A SQL injection vulnerability exists in Clinics Patient Management System version 2.0, which originates from a parameter username that can be exploited to execute illegal SQL commands...

9.8CVSS9.8AI score0.00892EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/07/12 4:22 p.m.31 views

CVE-2022-2298 SourceCodester Clinics Patient Management System Login Page index.php sql injection

A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pms/index.php of the component Login Page. The manipulation of the argument username with the input admin' or...

7.3CVSS10AI score0.00892EPSS
Exploits0References2
OSV
OSV
added 2022/05/02 12:10 a.m.6 views

GHSA-QRW3-MQ8R-CQ7Q AdaptCMS SQL Injection vulnerability

SQL injection vulnerability in the "Check User" feature includes/checkuser.php in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter...

9.3CVSS8.3AI score0.0125EPSS
Exploits0References6
CNVD
CNVD
added 2022/04/29 12:0 a.m.22 views

Victor CMS SQL Injection Vulnerability (CNVD-2022-85093)

Victor CMS is an open source content management system by Victor Alagwu, a personal developer in Nigeria. v1.0 of Victor CMS is vulnerable to SQL injection, which originates from the username parameter in /includes/login.php, and can be exploited by attackers to inject queries in /CMSsite/ throug...

7.5CVSS5.5AI score0.01571EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/04/28 7:35 p.m.23 views

CVE-2022-28060

SQL Injection vulnerability in Victor CMS v1.0, via the username parameter to /includes/login.php...

8.2AI score0.01571EPSS
Exploits1References3
NVD
NVD
added 2022/01/31 7:15 p.m.22 views

CVE-2021-46459

Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=adduser. These vulnerabilities can be exploited through a crafted POST request via the username, userfirstname,userlastname, or useremail parameters...

7.5CVSS0.0137EPSS
Exploits1References2
Prion
Prion
added 2022/01/31 7:15 p.m.14 views

Sql injection

Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=adduser. These vulnerabilities can be exploited through a crafted POST request via the username, userfirstname,userlastname, or useremail parameters...

5CVSS7.9AI score0.0137EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2019:2092-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS8AI score0.74477EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/01/29 12:0 a.m.41 views

CentOS 8 : squid:4 (CESA-2019:3476)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3476 advisory. - squid: XSS via username or auth parameter in cachemgr.cgi CVE-2019-13345 Note that Nessus has not tested for this issue but has instead relied only on the...

6.1CVSS6.1AI score0.74477EPSS
Exploits1References2
Prion
Prion
added 2020/06/22 6:15 p.m.20 views

Cross site scripting

Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...

4.3CVSS6AI score0.00874EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/11/06 12:0 a.m.37 views

RHEL 8 : squid:4 (RHSA-2019:3476)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3476 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: XSS via...

6.1CVSS6.2AI score0.74477EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2019/07/08 6:22 a.m.40 views

CVE-2019-13345

The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...

6.1CVSS4.1AI score0.74477EPSS
Exploits1References3
Prion
Prion
added 2019/07/05 4:15 p.m.30 views

Design/Logic Flaw

The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...

4.3CVSS6AI score0.74477EPSS
Exploits1References15Affected Software2
Cvelist
Cvelist
added 2019/07/05 3:45 p.m.32 views

CVE-2019-13345

The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...

7.7AI score0.74477EPSS
Exploits1References15
Debian CVE
Debian CVE
added 2019/07/05 3:45 p.m.31 views

CVE-2019-13345

The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...

6.1CVSS6.8AI score0.74477EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2019/07/05 3:45 p.m.44 views

CVE-2019-13345

The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...

6.1CVSS7.9AI score0.74477EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2019/07/05 12:0 a.m.36 views

CVE-2019-13345

The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...

6.1CVSS6.6AI score0.74477EPSS
Exploits1References4
NVD
NVD
added 2018/09/04 12:29 a.m.9 views

CVE-2018-16432

BlueCMS 1.6 allows SQL Injection via the username parameter to uploads/user.php?act=indexlogin...

9.8CVSS9.9AI score0.01135EPSS
Exploits1References1
Prion
Prion
added 2018/09/04 12:29 a.m.17 views

Sql injection

BlueCMS 1.6 allows SQL Injection via the username parameter to uploads/user.php?act=indexlogin...

7.5CVSS9.8AI score0.01135EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/09/04 12:0 a.m.14 views

CVE-2018-16432

BlueCMS 1.6 allows SQL Injection via the username parameter to uploads/user.php?act=indexlogin...

9.9AI score0.01135EPSS
Exploits1References1
Rows per page
Query Builder