Filtered by vendor Online Covid Vaccination Scheduler System Project
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-41930 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2024-11-21 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php. | ||||
| CVE-2021-37803 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2024-11-21 | 8.1 High |
| An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php . | ||||
| CVE-2021-36622 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2024-11-21 | 9.8 Critical |
| Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. Then, the attacker have to visit the uploaded profile photo to access the shell. | ||||
| CVE-2021-36621 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2024-11-21 | 8.1 High |
| Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator. | ||||
Page 1 of 1.