Filtered by vendor Cliniccases
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38706 | 1 Cliniccases | 1 Cliniccases | 2021-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter. | |||||
| CVE-2021-38705 | 1 Cliniccases | 1 Cliniccases | 2021-09-10 | 6.8 MEDIUM | 8.8 HIGH |
| ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to create a secondary administrator account for the attacker. | |||||