Online Diagnostic Lab Management System
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-51430 | Med | 0.42 | 6.4 | 0.01 | Oct 31, 2024 | Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component. | ||
| CVE-2024-26492 | 0.00 | — | 0.01 | Mar 7, 2024 | An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters. | |||
| CVE-2022-43162 | 0.00 | — | 0.01 | Nov 17, 2022 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/view_test.php. | |||
| CVE-2022-41533 | 0.00 | — | 0.01 | Oct 13, 2022 | Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||
| CVE-2022-41534 | 0.00 | — | 0.01 | Oct 13, 2022 | Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||
| CVE-2022-41512 | 0.00 | — | 0.01 | Oct 7, 2022 | An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||
| CVE-2022-42074 | 0.00 | — | 0.01 | Oct 7, 2022 | Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. | |||
| CVE-2022-37151 | 0.00 | — | 0.01 | Aug 26, 2022 | There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0. | |||
| CVE-2022-37152 | 0.00 | — | 0.01 | Aug 26, 2022 | An issue was discovered in Online Diagnostic Lab Management System 1.0, There is a SQL injection vulnerability via "dob" parameter in "/classes/Users.php?f=save_client" | |||
| CVE-2022-37150 | 0.00 | — | 0.00 | Aug 26, 2022 | An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname , gender, email, contact parameters. |
- risk 0.42cvss 6.4epss 0.01
Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component.
- CVE-2024-26492Mar 7, 2024risk 0.00cvss —epss 0.01
An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters.
- CVE-2022-43162Nov 17, 2022risk 0.00cvss —epss 0.01
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/view_test.php.
- CVE-2022-41533Oct 13, 2022risk 0.00cvss —epss 0.01
Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
- CVE-2022-41534Oct 13, 2022risk 0.00cvss —epss 0.01
Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
- CVE-2022-41512Oct 7, 2022risk 0.00cvss —epss 0.01
An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
- CVE-2022-42074Oct 7, 2022risk 0.00cvss —epss 0.01
Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=.
- CVE-2022-37151Aug 26, 2022risk 0.00cvss —epss 0.01
There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0.
- CVE-2022-37152Aug 26, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Online Diagnostic Lab Management System 1.0, There is a SQL injection vulnerability via "dob" parameter in "/classes/Users.php?f=save_client"
- CVE-2022-37150Aug 26, 2022risk 0.00cvss —epss 0.00
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname , gender, email, contact parameters.