Oretnom23 Clinic's Patient Management System vulnerabilities
27 known vulnerabilities affecting oretnom23/clinic_s_patient_management_system.
Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL 8, HIGH 2, MEDIUM 17
Vulnerabilities
Page 2 of 2
CVE-2022-36251 | MEDIUM | CVSS 6.1 | CWE-79 | v1.0 | 2022-08-22
Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php.
Source: nvd
CVE-2022-35117 | MEDIUM | CVSS 4.8 | CWE-79 | v1.0 | 2022-08-17
Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via update_medicine_details.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical Details module.
Source: nvd
CVE-2022-36242 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-08-16
Clinic's Patient Management System v1.0 is vulnerable to SQL Injection via /pms/update_medicine.php?id=.
Source: nvd
CVE-2022-36270 | CRITICAL | CVSS 9.8 | v1.0 | 2022-08-10
Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php.
Source: nvd
CVE-2022-36750 | CRITICAL | CVSS 9.8 | CWE-89 | v1.0 | 2022-08-10
Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=.
Source: nvd
CVE-2022-2298 | CRITICAL | CVSS 9.8 | CWE-89 | v2.0 | 2022-07-12
A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pms/index.php of the component Login Page. The manipulation of the argument user_name with the input admin' or '1'='1 leads to sql injection. The attack can be launc
Source: nvd
CVE-2022-2297 | HIGH | CVSS 8.8 | CWE-434 | v2.0 | 2022-07-12
A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/update_user.php?user_id=1. The manipulation of the argument profile_picture with the input leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been
Source: nvd