|
200521
|
2.7 |
LOW
Network
|
lightbend
|
play_framework
|
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior …
|
NVD-CWE-Other
|
CVE-2020-28923
|
2024-11-21 14:23 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200522
|
7.2 |
HIGH
Network
|
openclinic_project
|
openclinic
|
OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious file…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28939
|
2024-11-21 14:23 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200523
|
5.4 |
MEDIUM
Network
|
openclinic_project
|
openclinic
|
OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28938
|
2024-11-21 14:23 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200524
|
7.5 |
HIGH
Network
|
openclinic_project
|
openclinic
|
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Prot…
|
CWE-306
CWE-425
Missing Authentication for Critical Function
Direct Request ('Forced Browsing')
|
CVE-2020-28937
|
2024-11-21 14:23 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200525
|
9.8 |
CRITICAL
Network
|
adrianmercurio
|
gym_management_system
|
An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter 'id' is vulnerable.
|
CWE-89
SQL Injection
|
CVE-2020-29288
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200526
|
9.8 |
CRITICAL
Network
|
car_rental_management_system_project
|
car_rental_management_system
|
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
|
CWE-89
SQL Injection
|
CVE-2020-29287
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200527
|
9.8 |
CRITICAL
Network
|
point_of_sales_in_php\/pdo_project
|
point_of_sales_in_php\/pdo
|
SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.
|
CWE-89
SQL Injection
|
CVE-2020-29285
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200528
|
9.8 |
CRITICAL
Network
|
multi_restaurant_table_reservation_system_project
|
multi_restaurant_table_reservation_system
|
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can s…
|
CWE-89
SQL Injection
|
CVE-2020-29284
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200529
|
9.8 |
CRITICAL
Network
|
online_doctor_appointment_booking_system_php_and_mysql_project
|
online_doctor_appointment_booking_system_php_and_mysql
|
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.
|
CWE-89
SQL Injection
|
CVE-2020-29283
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200530
|
9.8 |
CRITICAL
Network
|
bloodx_project
|
bloodx
|
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
|
CWE-89
SQL Injection
|
CVE-2020-29282
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
