Filtered by vendor Janobe Subscriptions
Filtered by product Baby Care System Subscriptions
Total 21 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-25780 1 Janobe 1 Baby Care System 2025-11-18 7.2 High
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.
CVE-2022-28431 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&social=remove&sid=2.
CVE-2022-28432 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2.
CVE-2022-28434 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2.
CVE-2022-28436 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Hide&userid=.
CVE-2022-28437 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3.
CVE-2022-28438 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=User&userid=.
CVE-2022-28435 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&action=displaygoal&value=1&roleid=1.
CVE-2022-28420 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=.
CVE-2022-28423 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete.
CVE-2022-28433 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Show&userid=.
CVE-2022-28422 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=edit.
CVE-2022-28421 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=posts&action=display&value=1&postid=.
CVE-2022-28426 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=edit&roleid=.
CVE-2022-28427 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=read&msgid=.
CVE-2022-28429 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=.
CVE-2022-28439 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&&action=delete&userid=4.
CVE-2022-28424 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=.
CVE-2022-28425 1 Janobe 1 Baby Care System 2025-11-18 9.8 Critical
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=display&value=1&roleid=.
CVE-2025-12932 2 Janobe, Sourcecodester 2 Baby Care System, Baby Care System 2025-11-17 4.7 Medium
A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=inbox. This manipulation of the argument msgid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.