13 matches found
CVE-2023-31519
CVE-2023-31519 affects Pharmacy Management System v1.0. The Red Hat, CNVD/CNNVD, NVD entries describe a SQL injection vulnerability in login_core.php exposed via the email parameter, arising from lack of validation of externally entered SQL statements. This can allow an attacker to execute arbitr...
CVE-2024-8146
The CVE-2024-8146 entry concerns code-projects Pharmacy Management System 1.0. The vulnerability is a SQL injection in the endpoint /index.php?action=editSalesman, triggered by manipulating the id parameter. A remote attacker can exploit it, and public disclosures exist. Exploit details and advis...
CVE-2024-8147
The CVE-2024-8147 entry concerns the code-projects Pharmacy Management System version 1.0. The vulnerability arises in the handling of the parameter id in the endpoint "/index.php?action=editPharmacist", where unsanitized input leads to SQL injection . This can be exploited remotely and is classi...
CVE-2022-34950
CVE-2022-34950 : Multiple sources describe a SQL injection vulnerability in Pharmacy Management System v1.0, exposed via the id parameter of editproduct.php. The root cause is lack of validation of external input in the SQL statement, enabling an attacker to execute arbitrary SQL commands and pot...
CVE-2022-34947
CVE-2022-34947 affects Pharmacy Management System v1.0. A SQL injection vulnerability arises from unsanitized input on the id parameter in editcategory.php, enabling arbitrary SQL on the database. Root cause: lack of validation/external input handling for the id field. Impact is described as high...
CVE-2022-34945
Pharmacy Management System v1.0 contains a SQL injection vulnerability in getproductreport.php via the startDate parameter. The issue stems from unsanitized external input in the SQL query, enabling an attacker to potentially execute arbitrary SQL and exfiltrate data. Public references describe i...
CVE-2022-30887
Pharmacy Management System v1.0 contains a remote code execution (RCE) via /php_action/editProductImage.php when handling a crafted image file. Affected component is the editProductImage.php upload logic, enabling arbitrary code execution on the server. The issue is evidenced by related Red Hat/C...
CVE-2022-34946
CVE-2022-34946 affects Pharmacy Management System v1.0. The vulnerability is a SQL injection via the startDate parameter in getexpproduct.php, caused by lack of input validation. The exploit could allow unauthorized access to or manipulation of the database (per NVD metrics: CVSSv3.1 base score 9...
CVE-2022-34948
CVE-2022-34948 affects Pharmacy Management System v1.0. The vulnerability is a SQL injection in the id parameter of editbrand.php, arising from lack of input validation/unsafe SQL construction. Impacts include potential extraction or manipulation of database data (high confidentiality and integri...
CVE-2022-34949
CVE-2022-34949 affects Pharmacy Management System v1.0. Multiple SQL injection vulnerabilities exist in login.php via the email and password parameters, caused by lack of validation of externally entered SQL statements. Impact stated across sources includes potential theft of sensitive data. No e...
CVE-2023-4186
SourceCodester Pharmacy Management System 1.0 is affected by CVE-2023-4186 via an issue in the file manage_website.php that allows unrestricted uploads. This vulnerability can be triggered remotely and has been publicly disclosed; NVD CVSS v3.1 base score 9.8 (CRITICAL), with impact on confidenti...
CVE-2023-0918
CVE-2023-0918 affects codeprojects Pharmacy Management System 1.0, specifically the Avatar Image Handler’s add.php. The issue is unrestricted file upload due to missing validation, enabling remote code execution via uploaded files. Several sources confirm public exploitation and a high-impact pro...
CVE-2024-8138
The CVE-2024-8138 entry concerns code-projects Pharmacy Management System 1.0. The vulnerable component is the function editManager in /index.php?action=editManager (Parameter Handler). The issue arises from manipulating the id argument as part of a string, leading to SQL injection. Remote exploi...