Janobe Baby Care System — known CVE vulnerabilities
Every CVE whose affected-product data names Janobe Baby Care System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2022-28438 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=User&userid=.
CVE-2021-25779 — CVSS 9.8 (critical): Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page.
CVE-2022-28439 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&&action=delete&userid=4.
CVE-2022-28420 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=.
CVE-2022-28421 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=posts&action=display&value=1&postid=.
CVE-2022-28422 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=edit.
CVE-2022-28423 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete.
CVE-2022-28425 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=display&value=1&roleid=.
CVE-2022-28426 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=edit&roleid=.
CVE-2022-28427 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=read&msgid=.
CVE-2022-28429 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=.
CVE-2022-28431 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&social=remove&sid=2.
CVE-2022-28432 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2.
CVE-2022-28433 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Show&userid=.
CVE-2022-28434 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2.
CVE-2022-28435 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&action=displaygoal&value=1&roleid=1…
CVE-2022-28436 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Hide&userid=.
CVE-2022-28437 — CVSS 9.8 (critical): Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3.
CVE-2021-25780 — CVSS 7.2 (high): An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an…
CVE-2025-12933 — CVSS 6.3 (medium): A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteop…
CVE-2020-35752 — CVSS 5.4 (medium): Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.
CVE-2025-12932 — CVSS 4.7 (medium): A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file…