93 matches found
Clinics Patient Management System SQL Injection Vulnerability
Clinics Patient Management System is a clinic patient management system. A SQL injection vulnerability exists in Clinics Patient Management System version 2.0, which originates from a parameter username that can be exploited to execute illegal SQL commands...
CVE-2022-2298 SourceCodester Clinics Patient Management System Login Page index.php sql injection
A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pms/index.php of the component Login Page. The manipulation of the argument username with the input admin' or...
GHSA-QRW3-MQ8R-CQ7Q AdaptCMS SQL Injection vulnerability
SQL injection vulnerability in the "Check User" feature includes/checkuser.php in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter...
Victor CMS SQL Injection Vulnerability (CNVD-2022-85093)
Victor CMS is an open source content management system by Victor Alagwu, a personal developer in Nigeria. v1.0 of Victor CMS is vulnerable to SQL injection, which originates from the username parameter in /includes/login.php, and can be exploited by attackers to inject queries in /CMSsite/ throug...
CVE-2022-28060
SQL Injection vulnerability in Victor CMS v1.0, via the username parameter to /includes/login.php...
CVE-2021-46459
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=adduser. These vulnerabilities can be exploited through a crafted POST request via the username, userfirstname,userlastname, or useremail parameters...
Sql injection
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=adduser. These vulnerabilities can be exploited through a crafted POST request via the username, userfirstname,userlastname, or useremail parameters...
SUSE: Security Advisory (SUSE-SU-2019:2092-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 8 : squid:4 (CESA-2019:3476)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3476 advisory. - squid: XSS via username or auth parameter in cachemgr.cgi CVE-2019-13345 Note that Nessus has not tested for this issue but has instead relied only on the...
Cross site scripting
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...
RHEL 8 : squid:4 (RHSA-2019:3476)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3476 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: XSS via...
CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
Design/Logic Flaw
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
CVE-2018-16432
BlueCMS 1.6 allows SQL Injection via the username parameter to uploads/user.php?act=indexlogin...
Sql injection
BlueCMS 1.6 allows SQL Injection via the username parameter to uploads/user.php?act=indexlogin...
CVE-2018-16432
BlueCMS 1.6 allows SQL Injection via the username parameter to uploads/user.php?act=indexlogin...