Ritesh Sahu - Security Researcher - Exploit Intelligence Platform

CVE-2023-37068 NOMISEC CRITICAL WRITEUP

Gym Management System V1.0 - SQL Injection via Login Form

Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.

CVSS 9.8

View Code

CVE-2023-37068 WRITEUP CRITICAL WRITEUP

Gym Management System V1.0 - SQL Injection via Login Form

Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.

CVSS 9.8

View Code

CVE-2023-37068 WRITEUP CRITICAL WRITEUP

Gym Management System V1.0 - SQL Injection via Login Form

Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.

CVSS 9.8

View Code

CVE-2023-37069 WRITEUP CRITICAL WRITEUP

Online Hospital Management System V1.0 - SQL Injection via Login ID and Password Fields

Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code.

CVSS 9.8

View Code

CVE-2023-37069 WRITEUP CRITICAL WRITEUP

Online Hospital Management System V1.0 - SQL Injection via Login ID and Password Fields

Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code.

CVSS 9.8

View Code

CVE-2023-37070 WRITEUP MEDIUM WRITEUP

Code Projects Hospital Information System 1.0 - Cross-Site Scripting

Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)

CVSS 4.8

View Code

CVE-2023-37070 WRITEUP MEDIUM WRITEUP

Code Projects Hospital Information System 1.0 - Cross-Site Scripting

Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)

CVSS 4.8

View Code