A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236365 was assigned to this vulnerability.

CVE-2023-4219

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-37690: CVES/CVE-2023-37690.txt at main · rt122001/CVES

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page.

CVE-2023-37689: CVES/CVE-2023-37689.txt at main · rt122001/CVES

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal.

**Online Nurse Hiring System using PHP and MySQL**

“Online Nurse Hiring System Project ” is a web based application that contains data and information of nurses. The main purpose of the “Online Nurse Hiring Management Project” is to systematically record, store and update the nurse’s records.

**Project Requirements**

Project Name

Online Nurse Hiring System in PHP

Language Used

PHP5.6, PHP7.x

Database

MySQL 5.x

User Interface Design

HTML, AJAX,JQUERY,JAVASCRIPT

Web Browser

Mozilla, Google Chrome, IE8, OPERA

Software

XAMPP / Wamp / Mamp/ Lamp (anyone)

**Project Modules**

In Online Nurse Hiring Management System we use PHP and MySQL database. This is the project which keeps records of nurses. Online Nurse Hiring System has two module i.e. admin and users.

**Admin Module**

**Dashboard**: In this section admin can briefly view total number of nurses, total new requests for nurses, the total accepted request for nurse and total rejected request for nurse.

**Nurse**: In this section, admin can manage the Nurse (add/update/delete).

**Nurse Request**: In this section, admin can view the nurse request which is sent by users and also have right to change the status of request.

**Report**: In this section, admin can view number of nurse request received in particular periods and also search nurse request according to booking number.

**Account Setting: In this section, admin can do following activity.**

**Profile**: In this section admin can update his/her profile.

**Change Password**: In this section admin can change his/her own passwords

**Logout**: Through this button admin can logout.

**Forgot Password:** In this section, admin can reset his/her password by using registered email id and contact number.

**Note**:  In this project MD5 encryption method used.

**Users**:

Users can send a nurse request.

****Some of the Project Screens****

**Home Page**

**Nurse Booking**

**Admin Login**

**Admin Dashboard**

**How to run the Online Nurse Hiring System (onhs) Project**

1\. Download the zip file

2\. Extract the file and copy onhs folder

3.Paste inside root directory(for xampp xampp/htdocs, for wamp wamp/www, for lamp var/www/HTML)

4.Open PHPMyAdmin (http://localhost/phpmyadmin)

5\. Create a database with the name onhsdb

6\. Import onhsdb.sql file(given inside the zip package in the SQL file folder)

7\. Run the script http://localhost/onhs

**Credential for Admin panel :**

**Username:** admin  
**Password:** Test@123

**View Demo**

Download Source Code (ONHS Project PHP)

Size: 33 MB

Version: V 1.0

**Project Report**

Anuj Kumar

Hi! I am Anuj Kumar, a professional web developer with 5+ years of experience in this sector. I found PHPGurukul in September 2015. My keen interest in technology and sharing knowledge with others became the main reason for starting PHPGurukul. My basic aim is to offer all web development tutorials like PHP, PDO, jQuery, PHP oops, MySQL, etc. Apart from the tutorials, we also offer you PHP Projects, and we have around 100+ PHP Projects for you.

CVE-2023-37686: Online Nurse Hiring Management System | Nurse Hiring Management Project in PHP

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php.

Submitted by oretnom23 on Friday, December 2, 2022 - 14:30.

This project is entitled **Judging Management System**. It is a web-based application that was developed using **PHP Language** and **MySQL Database**. The application provides an online and automated judging system. I manage certain organizations' event contests. It has a pleasant user interface and consists of user-friendly features and functionalities.

****How does the Judging Management System work?****

**The Judging Management System** is an automated or electronic platform for managing and tallying certain contest scoring. This application allows certain organization management or staff to register on the system for free. **Organizer** or user can simply create their account by filling in all the required fields on the registration form. Registered organizers can create multiple events and sub-events. They can list the event contestants, judges, and criteria if the sub-event is activated. Judges can manage the score of the contestant using the system-generated judge code. The system also contains an Overall tally, tally by judges, contestant ranking, and event placing features.

****Features and Functionalities****

The **Judging Management System** project is consist of the following features and functionalities.

****Organizers****

*   **Manage Event List**
*   **Manage Sub-Event**
*   **Manage Sub-Event Settings**
    *   List of Contestant
    *   List of Judges
    *   Criteria Management
*   **Score Sheets Management**
    *   Live View of Scores
    *   View Contestant Scores per Judges
    *   Deduct Contestant Point(s)
    *   Generate Final Result
    *   Generate Over All Result
*   **Review Data**
*   **Manage Organizer's Basic and Company Information**
*   **Add/Edit Tabulator User**

****Tabulator****

*   **Live View of Scores**
*   **View Contestant Scores per Judges**
*   **Deduct Contestant Point(s)**
*   **Generate Final Result**
*   **Generate Over All Result**

****Judges****

*   **Manage Contestant Score**
*   **Update Contestant Score**
*   **View Tally**

****Snapshots****

Here are some snapshots of some pages of the **Judging Management System**

****Event List****

****Event's List of Judges****

****Judge Panel's Scoring Page****

****Judge Panel's Tally Page****

****Event's Contestant Scores Per Judge****

The **Judging Management System** project source code is available on this website. The source code is a modified copy and not developed from scratch _(unmodified copy was downloaded from http://freeproject24.com/php-judging-system-with-source-code-freeproject24/)_. Feel free to download the modified copy on this site.

****How to Run?****

****Requirements****

*   **Download** and **Install** any **local web server** such as **XAMPP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)

****System Installation/Setup****

1.  **Open** your **XAMPP Control Panel** and start ****Apache**** and ****MySQL****.
2.  **Extract** the **downloaded source code **zip** file**.
3.  **Copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**.
4.  **Browse** the ****PHPMyAdmin**** in a **browser**. i.e. ****http://localhost/phpmyadmin****
5.  **Create** a **new database** named ****jms\_db****.
6.  **Import** the provided ****SQL**** file. The file is known as ****jms\_db.sql**** located inside the **db** folder.
7.  **Browse** the **Judging Management System** in a **browser**. i.e. ****http://localhost/php-jms/****.

You can simply create your own organizer user by registering on the system.

That's it! I hope this **Judging Management System in PHP and MySQL Database Project** helps you with what you are looking for and that you'll find something useful also from the source code itself for your current and future **PHP Projects**.

Explore more on this website for more **Tutorials** and **Free Source Codes**.

****Enjoy :)****

*   4543 views

CVE-2023-37682: Judging Management System using PHP and MySQL Free Source Code

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection.This issue affects Online Collection Software: before 1.0.1.



CVE-2023-3716

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection.This issue affects Remote Administration Console: before 1.02.



CVE-2023-3717

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an authenticated remote attackers to execute arbitrary SQL queries on the server database and escalate privileges.

%PDF-1.5 %���� 51 0 obj << /Length 2404 /Filter /FlateDecode >> stream xڵY\[s�H~���mPU��;tj\_�qy6N2���T22�6;i�&�~��n$����f�� }�;��h���������4�!Fs�����X� 2�(�i�-e�,-��9��p�&�����0�~����kV�aQ��/=�澵��r>\]%���p\_��=���u� ��"�\`A2;�� ���׀a�\`m��R ����<��vF=S��Eً�&4��hƒ�HnHZ�(0A������!L�^@��sq-��}��R��>�K�xsv��!R�}H�Y��#���6��T��z�$�F�9\[)���E���?���Gb��6�/M�U^���c�gU�������OaD�,H� M��cD00�y��=\`4L��#��'�W��K�I��������?+:�kM�>ɂ��h�Y/�� �H�6�!ƫ��ۛ�O��

CVE-2023-27411

Categories: Personal
Tags: letmespy

Tags:  stalkerware

Tags:  spy

Tags:  snoop

Tags:  install

Tags:  data

Tags:  breach

Tags:  hacked

We take a look at reports of an app called LetMeSpy facing an imminent shutdown after a server breach and data deletion incident.



(Read more...)




The post Server breach could be fatal blow for LetMeSpy appeared first on Malwarebytes Labs.

A mobile app designed to let people spy on others will shortly be going out of business after a server breach and mass deletion incident. The app, LetMeSpy, sits silently and invisibly on a phone and collects call logs, location data, and even text messages.

This kind of program is commonly referred to as stalkerware. As the name suggests, people aren’t doing anything good with this kind of software. You’ll most commonly see it on Android devices, put there by someone with temporary physical access. Depending on the program, it may access phone records, texts, photos, camera, microphone, GPS…you name it, it can possibly do it.

The device owner will have no idea that this is going on, because these programs come with no app icon and stay hidden.

A domestic abuser or someone up to no good generally installs the app on the phone without the victim’s consent or knowledge. Once done, it can be used to keep track of the person for as long as it remains on the device.

In this case, LetMeSpy first made notification of the breach in June, with the following message:

> On June 21, 2023, a security incident occurred involving obtaining unauthorized access to the data of website users.

As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of messages collected on accounts. For 100% clarity: Everything collected from mobile devices where the owner wouldn’t have been aware LeMeSpy was present in the first place.

Given that someone with this app on their phone could potentially be in a perilous position to begin with, it’s even worse that such an individual would have their data stolen in this way. Polish site Niebezpiecznik, which first reported the breach, said that the database dumped online contained:

*   26,000+ email addresses of the tool's "operators" along with hashes of their passwords.
*   16,000+ text messages, including passwords and codes for various services.
*   Telephone numbers of people who had contacted the tracked phones.
*   Telephone numbers of the people whom the tracked phone owner had called (along with the names associated with them in the contacts list).
*   A database dump in SQL format, containing more data, including locations.

A terrible situation, needlessly caused by an app most folks wouldn’t want on their devices.

Well, it seems the breach was a step too far for LetMeSpy too. So much data was deleted that new users are now blocked from creating an account. A permanent shutdown will take place in August. TechCrunch notes that the app is no longer available for download, and currently installed versions seem to be completely dead, as per a network traffic analysis.

A nonprofit transparency collective called DDoSecrets told TechCrunch that the app had been used to steal data from more than 13,000 compromised devices “until recently”. This is quite a bit lower than the 236k devices the LetMeSpy website claimed to be residing on.

We recently covered the LetMeSpy hack on our Lock and Code podcast, asking (among other things) if there’s ever a situation where a hack like this could be considered “good”.

**How to prevent spyware and stalkerware-type apps**

*   Set a screen lock on your phone and don't let anyone else access it
*   Keep your phone up-to-date. Make sure you're always on the latest version of your phone's software.
*   Use an antivirus on your phone. Malwarebytes for Android shows you exactly what information you're sharing with each app on Android, so you can keep an eye on your privacy. Malwarebytes detects the LetMeSpy app as Android/Monitor.LetMeSpy.

**Coalition Against Stalkerware**

Malwarebytes is a founding member of the Coalition Against Stalkerware. We continue to share intelligence with the Coalition Against Stalkerware to improve industry-wide detections while also guiding the domestic abuse support networks within the coalition through thorny, technical questions of detection, removal, and prevention.

**We don’t just report on Android security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your Android devices by downloading Malwarebytes for Android today.

Server breach could be fatal blow for LetMeSpy

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.


Tag

#sql