6.9
CVE-2024-10995 - Codezips Hospital Appointment System removeDoctorResult.php sql injection
A vulnerability was found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /removeDoctorResult.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit β¦
5.3
CVE-2024-10994 - Codezips Online Institute Management System edit_user.php unrestricted upload
A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remoteβ¦
9.6
CVE-2024-7982 - Registrations for The Events Calendar < 2.12.4 - Unauthenticated Stored XSS
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
6.4
CVE-2024-10621 - Simple Shortcode for Google Maps <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scriptinβ¦
The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pw_map shortcode in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for autβ¦
5.3
CVE-2024-10993 - Codezips Online Institute Management System manage_website.php unrestricted upload
A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. It is possible to launch the attack remotelyβ¦
6.9
CVE-2024-10991 - Codezips Hospital Appointment System editBranchResult.php sql injection
A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit β¦
8.7
CVE-2024-21538 - cross-spawn: regular expression denial of service
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
5.3
CVE-2024-10990 - SourceCodester Online Veterinary Appointment System view_service.php sql injection
A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exβ¦
5.3
CVE-2024-10989 - code-projects E-Health Care System detail.php sql injection
A vulnerability classified as critical has been found in code-projects E-Health Care System 1.0. This affects an unknown part of the file /Admin/detail.php. The manipulation of the argument s_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed tβ¦
6.9
CVE-2024-10988 - code-projects E-Health Care System doctor_login.php sql injection
A vulnerability was found in code-projects E-Health Care System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Doctor/doctor_login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The explβ¦