VYPR

Hospital Management System

by Phpgurukul

CVEs (59)

  • CVE-2025-56214CriAug 25, 2025
    risk 0.64cvss 9.8epss 0.00

    phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.

  • CVE-2025-56212CriAug 25, 2025
    risk 0.64cvss 9.8epss 0.00

    phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter.

  • CVE-2025-56216HigAug 25, 2025
    risk 0.55cvss 8.5epss 0.00

    phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.

  • CVE-2025-8955HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-8954HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The…

  • CVE-2025-7604HigJul 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attack can be…

  • CVE-2025-7176HigJul 8, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view-medhistory.php. The manipulation of the argument viewid leads to sql injection. The attack can be…

  • CVE-2025-56215MedAug 25, 2025
    risk 0.42cvss 6.5epss 0.00

    phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter.

  • CVE-2026-1550MedJan 28, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulation results in improper…

  • CVE-2025-6570MedJun 24, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may…

  • CVE-2026-36388MedMay 7, 2026
    risk 0.35cvss 5.4epss 0.00

    A Cross-Site Scripting (XSS) vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker (patient) to inject a malicious script payload into the User Name parameter, which is stored…

  • CVE-2026-2179MedFeb 8, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly…

  • CVE-2026-2134MedFeb 8, 2026
    risk 0.31cvss 4.7epss 0.00

    A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote.…

  • CVE-2025-6613LowJun 25, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack…

  • CVE-2020-5192Jan 6, 2020
    risk 0.06cvss epss 0.17

    PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.

  • CVE-2020-22165Jun 22, 2021
    risk 0.03cvss epss 0.06

    PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

  • CVE-2020-5191Jan 6, 2020
    risk 0.03cvss epss 0.06

    PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.

  • CVE-2023-7173Dec 30, 2023
    risk 0.01cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the…

  • CVE-2025-70063Feb 18, 2026
    risk 0.00cvss epss 0.00

    The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user…

  • CVE-2025-70062Feb 18, 2026
    risk 0.00cvss epss 0.00

    PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor…

Page 1 of 3