Lucene search

Online Covid Vaccination Scheduler System Security Vulnerabilities

cve

CVE-2021-36621

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authe...

8.1CVSS

8.4AI Score

0.01EPSS

2021-07-30 02:15 PM

cve

CVE-2021-36622

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Conte...

9.8CVSS

9.3AI Score

0.027EPSS

2021-08-03 06:15 PM

141

cve

CVE-2021-37803

An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php .

8.1CVSS

8.4AI Score

0.002EPSS

2021-10-27 05:15 PM

cve

CVE-2021-41930

Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php.

6.1CVSS

6.1AI Score

0.001EPSS

2022-01-24 07:15 PM