Tag: #php

Doctor's Appointment System 1.0 SQL Injection

Doctor's Appointment System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Soham Bakore and Nakul Ratti in February of 2021.

Packet Storm
Doctor's Appointment System 1.0 Cross Site Scripting

Doctor's Appointment System version 1.0 suffers from a cross site scripting vulnerability in register.php. Original discovery of cross site scripting in this version is attributed to Soham Bakore in February of 2021.

CVE-2022-3072: Cross-site Scripting (XSS) - Stored in rosariosis

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.

CVE-2022-36676: bug_report/SQLi-1.md at main · Nujabe4/bug_report

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php.

CVE-2022-36674: bug_report/SQLi-3.md at main · Nujabe4/bug_report

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php.

CVE-2022-36675: bug_report/SQLi-2.md at main · Nujabe4/bug_report

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php.

GHSA-vqc4-v8hc-h2jg: Polynomial regular expression used on uncontrolled data in nitrado.js

### Impact

Possible ReDoS with library input of `{{` followed by many repetitions of `{{|`.

### Patches

Patched in all versions above `0.2.5`.

### Workarounds

No known workarounds.

### References

- OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS)
- Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS)
- Wikipedia: [Time complexity](https://en.wikipedia.org/wiki/Time_complexity)
- James Kirrage, Asiri Rathnayake, Hayo Thielecke: [Static Analysis for Regular Expression Denial-of-Service Attack](http://www.cs.bham.ac.uk/~hxt/research/reg-exp-sec.pdf)
- Common Weakness Enumeration: [CWE-1333](https://cwe.mitre.org/data/definitions/1333.html)
- Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html)

CVE-2022-36203: Doctor's Appointment System using PHP Free Source Code

Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover of the administrator account by stealing the session cookie via XSS.

CVE-2022-36582: Zerrr0_Vulnerability/Arbitrary-File-Upload-Vulnerability.md at main · zerrr0/Zerrr0_Vulnerability

An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-36581: Zerrr0_Vulnerability/SQL-Injection-Vulnerability.md at main · zerrr0/Zerrr0_Vulnerability

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php.