Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.

**Here is a sql injection in room.php**

**Vulnerability page is is as follows**  
![image](https://user-images.githubusercontent.com/52986105/158118493-cce2b997-9e56-4435-838c-94bc80598a34.png)  
**if I submit the request,Vulnerability in many parameters**  
![image](https://user-images.githubusercontent.com/52986105/158122200-54538a55-05fe-470d-8864-cb819c8bb483.png)

****the sqlmap result****

![image](https://user-images.githubusercontent.com/52986105/158119620-cdb2870d-ceea-4abb-95a3-51ba89f28fc3.png)  
![image](https://user-images.githubusercontent.com/52986105/158122360-faf82b53-63a6-4e30-b231-0a88b7b41a81.png)  
![image](https://user-images.githubusercontent.com/52986105/158122395-305c2a92-a682-484e-98f0-819c22803ceb.png)  
![image](https://user-images.githubusercontent.com/52986105/158122964-4191d45a-f65f-4543-87a1-a0080515fc9d.png)  
![image](https://user-images.githubusercontent.com/52986105/158123278-5d8c851b-5607-4df7-ac06-b2f4eebbf838.png)

CVE-2022-27299: SQL injection vulnerability · Discussion #14 · kabirkhyrul/HMS

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-27984: SQL injection vulnerability exists in CuppaCMS /administrator/templates/default/html/windows/right.php · Issue #30 · CuppaCMS/CuppaCMS

WordPress Coru LFMember plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: WordPress Plugin Coru LFMember - Stored Cross SiteScripting# Date: 26-04-2022# Exploit Author: Mariam Tariq - HunterSherlock# Vendor Homepage: https://wordpress.org/plugins/Coru LFMember/# Version: 1.0.2# Tested on: Firefox# Contact me: mariamtariq404@gmail.com# Vulnerable Code:```<td class="manage-column"><input type="text" value="<?php print$result['game_image'] ?>" name="game_image[]" /></td><td class="manage-column"><?php printstripslashes($result['game_name_short']) ?></td><td class="manage-column"><input type="text" value="<?php printstripslashes($result['game_name_long']) ?>" name="game_name_long[]" /></td><td class="manage-column"><textarea name="game_description[]" rows="4"cols="10"><?php print stripslashes($result['game_description'])?></textarea></td><td class="manage-column"><input type="text" value="<?php print$result['game_link'] ?>" name="game_link[]" /></td>```# POC1. Install the Coru LFMember WordPress plugin and activate it.2. Go to LFMember -> Add New and inject XSS payload “><img src=xonerror=alert(1)> in the fields given i.e, Game Image Name, Game ShortName, Game Long Name, Game Description, and Links to.3. XSS will trigger and will be stored.## POC Imagehttps://imgur.com/kZDtIVz

WordPress Coru LFMember 1.0.2 Cross Site Scripting

WordPress WP-Invoice plugin version 4.3.1 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: WordPress Plugin  WP-Invoice - Stored Cross Site Scripting# Date: 25-04-2022# Exploit Author: Mariam Tariq - HunterSherlock# Vendor Homepage: https://wordpress.org/plugins/WP-Invoice/# Version: 4.3.1# Tested on: Firefox# Contact me: mariamtariq404@gmail.com# Vulnerable Code:``` wpi.business_name = '<?php echo ($wpi_settings['business_name']); ?>';``# POC1.  Install the WP-Invoice WordPress plugin and activate it.2. Go to WP-Invoice settings  and inside the Business Name field inject XSSpayload “><img src=x onerror=alert(1)>3. XSS will trigger and will be stored.## POC Imagehttps://imgur.com/rsHIEO9

WordPress WP-Invoice 4.3.1 Cross Site Scripting

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings.

CVE-2022-29417: ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.

CVE-2022-0541

The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.

    # Exploit Title: WordPress Plugin cab-fare-calculator 1.0.3 - LocalFile Inclusion - Unauthenticated# Google Dork: inurl:/wp-content/plugins/cab-fare-calculator/# Date: 29-03-2022# Exploit Author: Hassan Khan Yusufzai - Splint3r7# Vendor Homepage: https://wordpress.org/plugins/cab-fare-calculator/# Version: 1.0.3# Tested on: Firefox# Contact me: h [at] spidersilk.com# Vulnerable File: tblight.php# Vulnerable Code:```if(!empty($_GET['controller']) && !empty($_GET['action']) &&!empty($_GET['ajax']) && $_GET['ajax'] == 1){    require_once('' . 'controllers/'.$_GET['controller'].'.php');}```# Proof of concept:http://localhost:10003//wp-content/plugins/cab-fare-calculator/tblight.php?controller=../../../../../../../../../../../etc/passwd%00&action=1&ajax=1<http://localhost:10003/wp-content/plugins/cab-fare-calculator/tblight.php?controller=../../../../../../../../../../../etc/index&action=1&ajax=1># POC image:https://prnt.sc/9O8_akDp2HPC

CVE-2022-1391: WordPress Cab-Fare-Calculator 1.0.3 Local File Inclusion ≈ Packet Storm

The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.

CVE-2021-25094

The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection

CVE-2022-0782

The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.

Tag

#php