|
201061
|
5.4 |
MEDIUM
Network
|
openclinic_project
|
openclinic
|
OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28938
|
2024-11-21 14:23 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201062
|
7.5 |
HIGH
Network
|
openclinic_project
|
openclinic
|
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Prot…
|
CWE-306
CWE-425
Missing Authentication for Critical Function
Direct Request ('Forced Browsing')
|
CVE-2020-28937
|
2024-11-21 14:23 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201063
|
9.8 |
CRITICAL
Network
|
adrianmercurio
|
gym_management_system
|
An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter 'id' is vulnerable.
|
CWE-89
SQL Injection
|
CVE-2020-29288
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201064
|
9.8 |
CRITICAL
Network
|
car_rental_management_system_project
|
car_rental_management_system
|
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
|
CWE-89
SQL Injection
|
CVE-2020-29287
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201065
|
9.8 |
CRITICAL
Network
|
point_of_sales_in_php\/pdo_project
|
point_of_sales_in_php\/pdo
|
SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.
|
CWE-89
SQL Injection
|
CVE-2020-29285
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201066
|
9.8 |
CRITICAL
Network
|
multi_restaurant_table_reservation_system_project
|
multi_restaurant_table_reservation_system
|
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can s…
|
CWE-89
SQL Injection
|
CVE-2020-29284
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201067
|
9.8 |
CRITICAL
Network
|
online_doctor_appointment_booking_system_php_and_mysql_project
|
online_doctor_appointment_booking_system_php_and_mysql
|
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.
|
CWE-89
SQL Injection
|
CVE-2020-29283
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201068
|
9.8 |
CRITICAL
Network
|
bloodx_project
|
bloodx
|
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
|
CWE-89
SQL Injection
|
CVE-2020-29282
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201069
|
9.8 |
CRITICAL
Network
|
victor_cms_project
|
victor_cms
|
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
|
CWE-89
SQL Injection
|
CVE-2020-29280
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201070
|
9.8 |
CRITICAL
Network
|
74cms
|
74cms
|
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
|
NVD-CWE-noinfo
|
CVE-2020-29279
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
