CVE-2022-38104 Auth
The Change Admin Email and New Admin Email fields were vulnerable to SQL Injection and XSS injection methods. The Attack vector for this vulnerability was
CVE-2022-42205 Hospital Management System in PHP 4.0 is vulnerable to XSS via add-patient.php
Exploitation of this vulnerability requires no authentication, thus it might be a low-severity issue, but it is still important to be aware of it.
A
CVE-2022-42206 Hospital Management System in PHP 4.0 is vulnerable to XSS via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.
Cross site scripting occurs when data is inputted into one web application and then displayed in another application. These applications can be on the same
CVE-2022-42021 Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=
A hacker can inject malicious code in the input of the notice-details.php?nid= parameter to execute arbitrary SQL commands.
1.1.7 - Inadequate
CVE-2022-40084 OpenCRX v5.2.2 was vulnerable to password enumeration due to difference in messages received during a password reset. This could enable an attacker to determine if a username, email or ID is valid.
The vulnerability here is that the transition of a new password would result in a different error code being stored in the database. Due to
Episode
00:00:00
00:00:00