7 matches found
CVE-2024-25217
CVE-2024-25217 corresponds to a SQL injection vulnerability in Online Medicine Ordering System v1.0, exploitable through the id parameter in /omos/?p=products/view_product. Connected sources repeatedly confirm the issue is SQL injection with potential for high impact on confidentiality, integrity...
CVE-2022-3714
CVE-2022-3714 affects SourceCodester Online Medicine Ordering System 1.0. The vulnerability is a SQL injection in an unknown function of the file admin/?page=orders/view_order, triggered by manipulating the id parameter, allowing remote exploitation. Documents consistently describe this issue as ...
CVE-2022-3716
CVE-2022-3716 affects SourceCodester Online Medicine Ordering System 1.0. The vulnerability is in the unknown functionality behind /omos/admin/?page=user/list, where manipulation of the First Name/Middle Name/Last Name parameters leads to cross-site scripting. It can be exploited remotely. Docume...
CVE-2024-32167
CVE-2024-32167 involves the Sourcecodester Online Medicine Ordering System 1.0. The vulnerability is an Arbitrary file deletion flaw caused by a backend function intended for deleting pictures, which can be abused to delete arbitrary files. Reported impact aligns with high integrity and availabil...
CVE-2025-3140
CVE-2025-3140 affects SourceCodester Online Medicine Ordering System 1.0. The vulnerability is an SQL injection in the unknown part of the file /view_category.php caused by manipulating the ID parameter. It can be exploited remotely and exploitation has been disclosed publicly. The connected docu...
CVE-2025-3141
CVE-2025-3141 affects SourceCodester Online Medicine Ordering System 1.0. The vulnerability resides in the unknown code path of the file /manage_category.php, where the manipulation of the argument ID leads to an SQL injection. Exploitation is possible remotely and the exploit has been disclosed ...
CVE-2024-46293
The CVE-2024-46293 entry affects Sourcecodester Online Medicine Ordering System 1.0. The root cause is Incorrect Access Control due to a lack of authorization checks for admin operations, allowing an attacker to perform admin-level actions without a valid session token or verification of admin lo...