CVE-2024-6418

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
CVSS v2 Score
7.5
High
Weakness Type
CWE-89
View all →

Vulnerability Description

A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file /classes/Users.php?f=register_user. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270009 was assigned to this vulnerability.

Related Vulnerabilities

CVE-2017-16733

MEDIUM
CVSS:5.3(Medium)

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information f...

CWE-892017

CVE-2017-16735

MEDIUM
CVSS:5.3(Medium)

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.

CWE-892017

CVE-2018-17542

MEDIUM
CVSS:5.3(Medium)

SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter ...

CWE-892018

CVE-2018-5443

MEDIUM
CVSS:5.3(Medium)

A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.

CWE-892018

CVE-2019-14430

MEDIUM
CVSS:5.3(Medium)

plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.

CWE-892019

CVE-2019-3797

MEDIUM
CVSS:5.3(Medium)

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more resul...

CWE-892019