5 matches found
CVE-2022-34954
Pharmacy Management System v1.0 contains a SQL injection vulnerability in invoiceprint.php exposed via the id parameter. Root cause: lack of input validation on external input for the SQL statement. Impact per sources: potential unauthorized access to sensitive data in the database. Exploitation ...
CVE-2022-34951
The CVE-2022-34951 entry concerns Pharmacy Management System v1.0, where a SQL injection flaw exists in the getsalereport.php endpoint through the startDate parameter. The issue affects the application’s data integrity, confidentiality, and availability (CVSS v3.1 base score 9.8, CRITICAL). Explo...
CVE-2022-34952
Pharmacy Management System v1.0 contains a SQL injection in the id parameter of edituser.php. The root cause is a lack of input validation for external SQL, enabling arbitrary database queries that could expose or modify data. Impact per sources includes potential access to sensitive data; CVSS d...
CVE-2022-34953
Pharmacy Management System v1.0 contains a SQL injection in getOrderReport.php via the startDate parameter. The root cause is lack of input validation leading to arbitrary SQL execution, enabling access to sensitive data. Affected product/component: Pharmacy Management System (MPMS) v1.0; vulnera...
CVE-2018-18704
The CVE-2018-18704 entry: PhpTpoint Pharmacy Management System contains a SQL injection in the index.php username parameter. According to CNVD-2019-23084, this can be exploited by a remote attacker to bypass the login page and authenticate as admin or another user. NVD data indicates a high to cr...