cbcvebase.

Fad Solutions Drzes Hms vulnerabilities

4 known vulnerabilities affecting fad_solutions/drzes_hms.

Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2005-4136P4MEDIUMCVSS 4.3PoCv3.22005-12-09
CVE-2005-4136 [MEDIUM] CVE-2005-4136: Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to in Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter.
nvd
CVE-2005-4137P4HIGHCVSS 7.5v3.22005-12-09
CVE-2005-4137 [HIGH] CVE-2005-4137: SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute a SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute arbitrary SQL commands via the invoiceID parameter.
nvd
CVE-2005-4366P4MEDIUMCVSS 6.4v3.22005-12-20
CVE-2005-4366 [MEDIUM] CVE-2005-4366: Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID par
nvd
CVE-2005-4367P4MEDIUMCVSS 5.8v3.22005-12-20
CVE-2005-4367 [MEDIUM] CVE-2005-4367: Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attac Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later reported to affect CONTROLzx (renamed from DRZES) 3.3.4.
nvd
Fad Solutions Drzes Hms vulnerabilities | cvebase