» 2021 » 6월

CVE-2020-22171

Posted on 2021년 6월 23일2021년 6월 23일 by admin

CVE-2020-22171

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmsregistration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: CVE-2020-22171

CVE-2020-22166

Posted on 2021년 6월 23일2021년 6월 23일 by admin

CVE-2020-22166

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmsforgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: CVE-2020-22166

CVE-2020-22167

Posted on 2021년 6월 23일2021년 6월 23일 by admin

CVE-2020-22167

PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in hmsadminappointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.

Source: CVE-2020-22167

CVE-2020-22165

Posted on 2021년 6월 23일2021년 6월 23일 by admin

CVE-2020-22165

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmsuser-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: CVE-2020-22165

CVE-2020-22164

Posted on 2021년 6월 23일2021년 6월 23일 by admin

CVE-2020-22164

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmscheck_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: CVE-2020-22164

CVE-2020-18647

Posted on 2021년 6월 23일2021년 6월 23일 by admin

CVE-2020-18647

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor".

Source: CVE-2020-18647

CVE-2020-18648

Posted on 2021년 6월 23일2021년 6월 23일 by admin

CVE-2020-18648

Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component "JuQingCMS_v1.0/admin/index.php?c=administrator&a=add".

Source: CVE-2020-18648

CVE-2020-18646

Posted on 2021년 6월 23일2021년 6월 23일 by admin

CVE-2020-18646

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".

Source: CVE-2020-18646

CVE-2020-15732

Posted on 2021년 6월 23일2021년 6월 23일 by admin

CVE-2020-15732

Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.

Source: CVE-2020-15732

CVE-2021-35206

Posted on 2021년 6월 22일2021년 6월 23일 by admin

CVE-2021-35206

Gitpod before 0.6.0 allows unvalidated redirects.

Source: CVE-2021-35206