cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8565,https://securityvulnerability.io/vulnerability/CVE-2024-8565,SQL Injection Vulnerability in SourceCodesters Clinics Patient Management System,"A critical vulnerability has been discovered in the Clinics Patient Management System, specifically in version 2.0. The flaw resides in the processing of parameters in the /print_diseases.php file, allowing for SQL injection attacks through the manipulation of the 'disease/from/to' arguments. This vulnerability can be exploited remotely, putting any system utilizing this software at risk. If successfully exploited, attackers could gain unauthorized access to the database, retrieve sensitive information, or manipulate data, leading to severe security ramifications. Immediate action is advised to patch affected systems and review security measures.",Sourcecodesters,Clinics Patient Management System,9.8,CRITICAL,0.0010100000072270632,false,,false,false,true,2024-09-07T21:31:04.000Z,true,false,false,,2024-09-07T22:31:04.048Z,0
CVE-2024-8555,https://securityvulnerability.io/vulnerability/CVE-2024-8555,SourceCodester Patient Management System Vulnerable to Open Redirect Attack,A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.,Sourcecodester,Clinics Patient Management System,6.1,MEDIUM,0.0010100000072270632,false,,false,false,true,2024-09-07T13:31:04.000Z,true,false,false,,2024-09-07T14:31:04.341Z,0
CVE-2024-8554,https://securityvulnerability.io/vulnerability/CVE-2024-8554,Cross Site Scripting Vulnerability in SourceCodester Clinics Patient Management System 2.0,A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. This issue affects some unknown processing of the file /users.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.,Sourcecodester,Clinics Patient Management System,5.4,MEDIUM,0.0007600000244565308,false,,false,false,true,2024-09-07T12:31:05.000Z,true,false,false,,2024-09-07T13:31:05.079Z,0
CVE-2024-7930,https://securityvulnerability.io/vulnerability/CVE-2024-7930,SQL Injection Vulnerability in SourceCodester Clinics Patient Management System,"A serious vulnerability has been identified in the SourceCodester Clinics Patient Management System version 1.0, specifically in the /pms/ajax/get_packings.php file. The flaw arises from improper handling of the medicine_id parameter, which allows for SQL injection attacks. This remote exploitation can lead to unauthorized access to the database, resulting in potential data breaches, data manipulation, or denial of service. Given that this vulnerability has been publicly disclosed, it poses a significant risk to systems running the affected version. Immediate remediation is advised to safeguard sensitive patient information.",SourceCodester,Clinic Patient Management System,8.8,HIGH,0.0016400000313296914,false,,false,false,false,,,false,false,,2024-08-19T22:15:00.000Z,0
CVE-2024-7841,https://securityvulnerability.io/vulnerability/CVE-2024-7841,SQL Injection Vulnerability in SourceCodester Clinics Patient Management System,"A serious SQL injection vulnerability has been identified in the Clinics Patient Management System version 1.0 by SourceCodester. This vulnerability exists in the /pms/ajax/check_user_name.php file, where improper validation of the 'user_name' input can allow unauthorized remote attackers to execute arbitrary SQL commands. Due to this weakness, an attacker could manipulate the user name parameter to gain unauthorized access to the database, potentially compromising sensitive data. Immediate action is recommended to patch the affected systems and mitigate the risk of exploitation.",SourceCodester,Clinics Patient Management System,7.5,HIGH,0.0019199999514967203,false,,false,false,false,,,false,false,,2024-08-15T22:15:00.000Z,0
CVE-2024-7753,https://securityvulnerability.io/vulnerability/CVE-2024-7753,Remotely Exploitable Vulnerability in SourceCodester Clinics Patient Management System,"A vulnerability exists within the SourceCodester Clinics Patient Management System version 1.0, specifically affecting the code handling the '/user_images/' directory. This vulnerability permits attackers to manipulate direct requests, potentially enabling unauthorized access to sensitive components of the system. The exploit is accessible for remote execution, and detailed information about this flaw has been publicly disclosed, highlighting its significance within the cybersecurity landscape.",Sourcecodester,Clinics Patient Management System,7.5,HIGH,0.0029200001154094934,false,,false,false,true,2024-08-14T00:15:00.000Z,true,false,false,,2024-08-14T01:15:00.000Z,0
CVE-2024-7754,https://securityvulnerability.io/vulnerability/CVE-2024-7754,SQL Injection Vulnerability in SourceCodester Clinics Patient Management System,"A serious SQL injection vulnerability has been identified in the SourceCodester Clinics Patient Management System version 1.0, specifically targeting the file /ajax/check_medicine_name.php. This flaw arises from improper handling of the user_name argument, allowing an attacker to execute arbitrary SQL commands remotely. Such exploitation could lead to unauthorized access to sensitive data, making it crucial for users of this system to apply security patches or mitigations promptly. The threat has been publicly disclosed, increasing the urgency for affected organizations to ensure their systems are fortified against potential intrusions.",SourceCodester,Clinics Patient Management System,7.5,HIGH,0.0019199999514967203,false,,false,false,false,,,false,false,,2024-08-14T01:15:00.000Z,0
CVE-2024-7752,https://securityvulnerability.io/vulnerability/CVE-2024-7752,Cross Site Scripting Vulnerability in Clinics Patient Management System 1.0,A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /update_medicine.php. The manipulation of the argument medicine_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.,Sourcecodester,Clinics Patient Management System,6.1,MEDIUM,0.001180000021122396,false,,false,false,true,2024-08-13T23:15:00.000Z,true,false,false,,2024-08-14T00:15:00.000Z,0
CVE-2024-7750,https://securityvulnerability.io/vulnerability/CVE-2024-7750,SQL Injection Vulnerability in SourceCodester Clinics Patient Management System,"A critical SQL Injection vulnerability has been identified in the SourceCodester Clinics Patient Management System version 1.0. This security flaw affects the '/medicines.php' file, where improper handling of the 'medicine_name' parameter allows attackers to inject arbitrary SQL queries. This vulnerability can be exploited remotely, posing a significant risk to user data integrity and application security. Due to its public disclosure, organizations using this affected version should take immediate actions to mitigate the risk associated with this SQL Injection vulnerability. Users are urged to apply security patches or workarounds as soon as they become available.",Sourcecodester,Clinics Patient Management System,7.5,HIGH,0.0019199999514967203,false,,false,false,true,2024-08-13T22:15:00.000Z,true,false,false,,2024-08-13T23:15:00.000Z,0
CVE-2024-7751,https://securityvulnerability.io/vulnerability/CVE-2024-7751,SQL Injection Vulnerability in SourceCodester Clinics Patient Management System,"A severe SQL injection vulnerability exists in the SourceCodester Clinics Patient Management System version 1.0, specifically within the /update_medicine.php file. This vulnerability arises from improper handling of the 'hidden_id' parameter, enabling attackers to manipulate SQL queries. Exploitation of this vulnerability could allow remote attackers to gain unauthorized access to sensitive data, making it crucial for organizations using this software to apply the necessary updates and patches. The exploit has been publicized, increasing the risk of attacks. Vigilance is necessary to safeguard against potential threats.",SourceCodester Clinics,Clinics Patient Management System,7.5,HIGH,0.0019199999514967203,false,,false,false,false,,,false,false,,2024-08-13T23:15:00.000Z,0
CVE-2024-7645,https://securityvulnerability.io/vulnerability/CVE-2024-7645,Cross-Site Request Forgery vulnerability in SourceCodester Clinics Patient Management System,"A vulnerability exists in the user page of SourceCodester's Clinics Patient Management System 1.0, specifically in the users.php file. This weakness allows an attacker to perform cross-site request forgery (CSRF) attacks, which can be initiated remotely. If exploited, the attacker could manipulate user actions without their consent, leading to unauthorized actions or data exposure. The nature of this vulnerability requires attention as its public disclosure may increase the risk of exploitation in various environments.",Sourcecodester,Clinics Patient Management System,5.4,MEDIUM,0.001180000021122396,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7494,https://securityvulnerability.io/vulnerability/CVE-2024-7494,SQL Injection Vulnerability in Patient Management System Could Lead to Remote Exploitation,"A SQL Injection vulnerability exists in the SourceCodester Clinics Patient Management System version 1.0, specifically in the /new_prescription.php file. This weakness allows an attacker to manipulate the 'patient' argument, possibly leading to unauthorized access to sensitive information contained within the database. The exploit can be executed remotely, heightening the risk of unauthorized data exposure and compromise. Given that the vulnerability has been publicly disclosed, it is essential for users of the affected software to apply relevant security measures promptly.",SourceCodester,Clinic's Patient Management System,9.8,CRITICAL,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-08-05T23:15:00.000Z,0
CVE-2024-7454,https://securityvulnerability.io/vulnerability/CVE-2024-7454,SQL Injection Vulnerability in SourceCodester Clinics Patient Management System,"A critical vulnerability has been identified in the SourceCodester Clinics Patient Management System version 1.0, specifically within the patient_name function in the patients.php file. This flaw allows an attacker to manipulate input leading to SQL injection, which opens doors for unauthorized data access and potential data compromise. The vulnerability can be exploited remotely, which heightens the urgency for remediation. Given that this issue has been publicly disclosed, organizations utilizing the affected version of the product must act swiftly to secure their systems and protect sensitive patient information.",Sourcecodester,Clinics Patient Management System,9.8,CRITICAL,0.0016700000269338489,false,,false,false,true,2024-08-04T08:00:09.000Z,true,false,false,,2024-08-04T09:00:09.255Z,0
CVE-2024-6969,https://securityvulnerability.io/vulnerability/CVE-2024-6969,SQL Injection Vulnerability in SourceCodester Clinics Patient Management System,"A critical SQL injection vulnerability has been identified in SourceCodester's Clinics Patient Management System version 1.0. This vulnerability exists due to improper handling of the 'patient_id' parameter within the '/ajax/get_patient_history.php' file. Attackers can exploit this weakness by submitting crafted requests that manipulate the 'patient_id' value, potentially allowing unauthorized access to sensitive patient data. The vulnerability is remote and doesn't require authentication, making it particularly dangerous. Since the exploit has been publicly disclosed, organizations using this system are urged to apply patches or implement mitigations immediately. For detailed technical analysis and indicators of compromise, refer to the available resources.",Sourcecodester,Clinics Patient Management System,7.5,HIGH,0.0006799999973736703,false,,false,false,true,2024-07-22T02:31:04.000Z,true,false,false,,2024-07-22T03:31:04.086Z,0
CVE-2024-6968,https://securityvulnerability.io/vulnerability/CVE-2024-6968,SQL Injection Vulnerability in SourceCodester Clinics Patient Management System,"A critical SQL injection vulnerability has been identified in SourceCodester Clinics Patient Management System version 1.0, specifically within the /print_patients_visits.php file. This vulnerability arises from improper validation of user inputs, allowing attackers to manipulate arguments from/to and execute unauthorized SQL commands. The attack can be initiated remotely, putting sensitive patient data at risk of exposure. Publicly disclosed exploit details have raised concerns, making it imperative for users to apply necessary security measures immediately. Organizations using this system should prioritize implementing patches or migrating to safer alternatives to safeguard their data integrity.",Sourcecodester,Clinics Patient Management System,7.5,HIGH,0.0006799999973736703,false,,false,false,true,2024-07-22T02:00:04.000Z,true,false,false,,2024-07-22T03:00:04.942Z,0
CVE-2023-1035,https://securityvulnerability.io/vulnerability/CVE-2023-1035,SourceCodester Clinics Patient Management System update_user.php sql injection,"A SQL injection vulnerability exists in the SourceCodester Clinics Patient Management System 1.0 due to improper handling of the user_id parameter in the update_user.php file. This issue allows an attacker to execute arbitrary SQL commands, which can potentially compromise the database. The vulnerability can be exploited remotely, creating a significant security risk. Users are advised to apply patches or updates provided by the vendor to mitigate the risk associated with this SQL injection vulnerability.",SourceCodester,Clinics Patient Management System,8.8,HIGH,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-02-25T08:15:00.000Z,0
CVE-2022-3122,https://securityvulnerability.io/vulnerability/CVE-2022-3122,SourceCodester Clinics Patient Management System medicine_details.php sql injection,A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability.,Sourcecodester,Clinics Patient Management System,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2022-09-05T13:50:12.000Z,0
CVE-2022-3120,https://securityvulnerability.io/vulnerability/CVE-2022-3120,SourceCodester Clinics Patient Management System Login index.php sql injection,A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-207847.,Sourcecodester,Clinics Patient Management System,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2022-09-05T06:45:12.000Z,0
CVE-2022-2298,https://securityvulnerability.io/vulnerability/CVE-2022-2298,SourceCodester Clinics Patient Management System Login Page index.php sql injection,A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pms/index.php of the component Login Page. The manipulation of the argument user_name with the input admin' or '1'='1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.,Sourcecodester,Clinics Patient Management System,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2022-07-12T16:22:27.000Z,0
CVE-2022-2297,https://securityvulnerability.io/vulnerability/CVE-2022-2297,SourceCodester Clinics Patient Management System unrestricted upload,"A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/update_user.php?user_id=1. The manipulation of the argument profile_picture with the input leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",Sourcecodester,Clinics Patient Management System,8.8,HIGH,0.0011399999493733048,false,,false,false,false,,,false,false,,2022-07-12T16:22:14.000Z,0