Baby Care System
by Janobe
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-12933 | Med | 0.41 | 6.3 | 0.00 | Nov 10, 2025 | A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcome. Such manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit is… | ||
| CVE-2025-12932 | Med | 0.31 | 4.7 | 0.00 | Nov 10, 2025 | A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=inbox. This manipulation of the argument msgid causes sql injection. The attack can be initiated remotely. The exploit has been… | ||
| CVE-2022-28420 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=. | |||
| CVE-2022-28423 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete. | |||
| CVE-2022-28424 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=. | |||
| CVE-2022-28431 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&social=remove&sid=2. | |||
| CVE-2022-28432 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2. | |||
| CVE-2022-28433 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Show&userid=. | |||
| CVE-2022-28434 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2. | |||
| CVE-2022-28435 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&action=displaygoal&value=1&roleid=1. | |||
| CVE-2022-28437 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3. | |||
| CVE-2022-28439 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&&action=delete&userid=4. | |||
| CVE-2020-35752 | 0.00 | — | 0.01 | Mar 10, 2021 | Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter. | |||
| CVE-2021-25780 | 0.00 | — | 0.02 | Feb 17, 2021 | An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell. | |||
| CVE-2021-25779 | 0.00 | — | 0.01 | Feb 17, 2021 | Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page. |
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcome. Such manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit is…
- risk 0.31cvss 4.7epss 0.00
A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=inbox. This manipulation of the argument msgid causes sql injection. The attack can be initiated remotely. The exploit has been…
- CVE-2022-28420Apr 21, 2022risk 0.00cvss —epss 0.01
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=.
- CVE-2022-28423Apr 21, 2022risk 0.00cvss —epss 0.01
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete.
- CVE-2022-28424Apr 21, 2022risk 0.00cvss —epss 0.01
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=.
- CVE-2022-28431Apr 21, 2022risk 0.00cvss —epss 0.01
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&social=remove&sid=2.
- CVE-2022-28432Apr 21, 2022risk 0.00cvss —epss 0.01
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2.
- CVE-2022-28433Apr 21, 2022risk 0.00cvss —epss 0.01
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Show&userid=.
- CVE-2022-28434Apr 21, 2022risk 0.00cvss —epss 0.01
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2.
- CVE-2022-28435Apr 21, 2022risk 0.00cvss —epss 0.01
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&action=displaygoal&value=1&roleid=1.
- CVE-2022-28437Apr 21, 2022risk 0.00cvss —epss 0.01
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3.
- CVE-2022-28439Apr 21, 2022risk 0.00cvss —epss 0.01
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&&action=delete&userid=4.
- CVE-2020-35752Mar 10, 2021risk 0.00cvss —epss 0.01
Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.
- CVE-2021-25780Feb 17, 2021risk 0.00cvss —epss 0.02
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.
- CVE-2021-25779Feb 17, 2021risk 0.00cvss —epss 0.01
Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page.