Security Vulnerabilities - CVEs Published In June 2024
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-06-18
Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the Staff Info page.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-06-18
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-06-18
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-06-18
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center.
This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction.
Atlassian recommends that Jira Core Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
Jira Core Data Center 9.4: Upgrade to a release greater than or equal to 9.4.21
Jira Core Data Center 9.12: Upgrade to a release greater than or equal to 9.12.8
Jira Core Data Center 9.16: Upgrade to a release greater than or equal to 9.16.0
See the release notes. You can download the latest version of Jira Core Data Center from the download center.
This vulnerability was found internally.
CVSS Score
7.4
EPSS Score
0.01
Published
2024-06-18
CodeProjects Restaurant Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the reserv_id parameter at view_reservations.php.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-06-18
A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268868.
CVSS Score
6.9
EPSS Score
0.001
Published
2024-06-18
IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-06-18
A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268867.
CVSS Score
6.9
EPSS Score
0.001
Published
2024-06-18
A vulnerability classified as critical has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268857 was assigned to this vulnerability.
CVSS Score
6.9
EPSS Score
0.001
Published
2024-06-18