CVE-2022-38594 The mBMS v1.0 was found to have a SQL injection vulnerability via the id parameter.
A remote attacker could exploit this vulnerability to execute arbitrary SQL commands.
It was reported that this management system was publicly accessible on the internet.
CVE-2022-40365 XSS vulnerability in ouqiang gocron through 1.5.3 allows attackers to execute arbitrary code.
XSS exists in function.
/admin/task.php via the value of the name parameter. Attackers can inject arbitrary code in the client-side language via scope.
CVE-2022-37138 The LMS 1.0 is vulnerable to SQL Injection at the login page, which allows attackers to log in as Administrator as username form.
To inject SQL, an attacker can send a request with a SQL statement in the ‘INPUT>’ tag. An attacker can send the following injection request to
CVE-2022-39817 Multiple SQL Injection vulnerabilities occur in NOKIA 1350 OMS R14.2 cgi-bin/R14.2/easy1350.pl id or host or cgi-bin/R14.2/cgi-bin/R14.2/host.pl host.pl
An attacker can leverage these issues to execute SQL commands or view sensitive information. In addition, there are multiple XSS vulnerabilities in the /cgi-bin/R14.
CVE-2022-38637 The v1.0 HNMS had SQL injection vulnerabilities that could be exploited with login details and passwords.
By injecting malicious SQL code into the ‘username’ and ‘password’ parameters, an attacker could gain remote access to the system.