Filtered by vendor Clinic\'s Patient Management System Project
Subscribe
Filtered by product Clinic\'s Patient Management System
Subscribe
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3122 | 1 Clinic\'s Patient Management System Project | 1 Clinic\'s Patient Management System | 2022-11-15 | N/A | N/A |
| A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-40471 | 1 Clinic\'s Patient Management System Project | 1 Clinic\'s Patient Management System | 2022-11-01 | N/A | 9.8 CRITICAL |
| Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php | |||||
| CVE-2022-36609 | 1 Clinic\'s Patient Management System Project | 1 Clinic\'s Patient Management System | 2022-09-02 | N/A | 9.8 CRITICAL |
| Clinic's Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php. | |||||
| CVE-2022-36251 | 1 Clinic\'s Patient Management System Project | 1 Clinic\'s Patient Management System | 2022-08-23 | N/A | 6.1 MEDIUM |
| Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php. | |||||
| CVE-2022-35117 | 1 Clinic\'s Patient Management System Project | 1 Clinic\'s Patient Management System | 2022-08-18 | N/A | 4.8 MEDIUM |
| Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via update_medicine_details.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical Details module. | |||||
| CVE-2022-36242 | 1 Clinic\'s Patient Management System Project | 1 Clinic\'s Patient Management System | 2022-08-17 | N/A | 9.8 CRITICAL |
| Clinic's Patient Management System v1.0 is vulnerable to SQL Injection via /pms/update_medicine.php?id=. | |||||
| CVE-2022-36270 | 1 Clinic\'s Patient Management System Project | 1 Clinic\'s Patient Management System | 2022-08-11 | N/A | 9.8 CRITICAL |
| Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php. | |||||
| CVE-2022-36750 | 1 Clinic\'s Patient Management System Project | 1 Clinic\'s Patient Management System | 2022-08-11 | N/A | 9.8 CRITICAL |
| Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=. | |||||
| CVE-2022-2298 | 1 Clinic\'s Patient Management System Project | 1 Clinic\'s Patient Management System | 2022-07-15 | N/A | N/A |
| A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pms/index.php of the component Login Page. The manipulation of the argument user_name with the input admin' or '1'='1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||