Security Vulnerabilities - CVEs Published In March 2024
Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_view_single_employee.php.
CVSS Score
2.7
EPSS Score
0.001
Published
2024-03-07
Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_admin_view_single_patient.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-03-07
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*" which can be escalated to the remote command execution.
CVSS Score
8.4
EPSS Score
0.005
Published
2024-03-07
code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via the Username parameter for "Employer."
CVSS Score
9.8
EPSS Score
0.002
Published
2024-03-07
code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via /Employer/DeleteJob.php?JobId=1.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-03-07
Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-03-07
JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.
CVSS Score
9.3
EPSS Score
0.003
Published
2024-03-07
remote code execution in paddlepaddle/paddle 2.6.0
CVSS Score
9.4
EPSS Score
0.018
Published
2024-03-07
The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where an uploaded PHP file may not be directly accessible.
CVSS Score
8.8
EPSS Score
0.01
Published
2024-03-07
The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.002
Published
2024-03-07