Hospital Management System
by Phpgurukul
CVEs (59)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-56214 | Cri | 0.64 | 9.8 | 0.00 | Aug 25, 2025 | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter. | ||
| CVE-2025-56212 | Cri | 0.64 | 9.8 | 0.00 | Aug 25, 2025 | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter. | ||
| CVE-2025-56216 | Hig | 0.55 | 8.5 | 0.00 | Aug 25, 2025 | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. | ||
| CVE-2025-8955 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been… | ||
| CVE-2025-8954 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The… | ||
| CVE-2025-7604 | Hig | 0.47 | 7.3 | 0.00 | Jul 14, 2025 | A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attack can be… | ||
| CVE-2025-7176 | Hig | 0.47 | 7.3 | 0.01 | Jul 8, 2025 | A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view-medhistory.php. The manipulation of the argument viewid leads to sql injection. The attack can be… | ||
| CVE-2025-56215 | Med | 0.42 | 6.5 | 0.00 | Aug 25, 2025 | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter. | ||
| CVE-2026-1550 | Med | 0.41 | 6.3 | 0.00 | Jan 28, 2026 | A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulation results in improper… | ||
| CVE-2025-6570 | Med | 0.41 | 6.3 | 0.00 | Jun 24, 2025 | A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may… | ||
| CVE-2026-36388 | Med | 0.35 | 5.4 | 0.00 | May 7, 2026 | A Cross-Site Scripting (XSS) vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker (patient) to inject a malicious script payload into the User Name parameter, which is stored… | ||
| CVE-2026-2179 | Med | 0.31 | 4.7 | 0.00 | Feb 8, 2026 | A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly… | ||
| CVE-2026-2134 | Med | 0.31 | 4.7 | 0.00 | Feb 8, 2026 | A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote.… | ||
| CVE-2025-6613 | Low | 0.23 | 3.5 | 0.00 | Jun 25, 2025 | A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack… | ||
| CVE-2020-5192 | 0.06 | — | 0.17 | Jan 6, 2020 | PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised. | |||
| CVE-2020-22165 | 0.03 | — | 0.06 | Jun 22, 2021 | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||
| CVE-2020-5191 | 0.03 | — | 0.06 | Jan 6, 2020 | PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities. | |||
| CVE-2023-7173 | 0.01 | — | 0.01 | Dec 30, 2023 | A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the… | |||
| CVE-2025-70063 | 0.00 | — | 0.00 | Feb 18, 2026 | The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user… | |||
| CVE-2025-70062 | 0.00 | — | 0.00 | Feb 18, 2026 | PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor… |
- risk 0.64cvss 9.8epss 0.00
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.
- risk 0.64cvss 9.8epss 0.00
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter.
- risk 0.55cvss 8.5epss 0.00
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attack can be…
- risk 0.47cvss 7.3epss 0.01
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view-medhistory.php. The manipulation of the argument viewid leads to sql injection. The attack can be…
- risk 0.42cvss 6.5epss 0.00
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter.
- risk 0.41cvss 6.3epss 0.00
A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulation results in improper…
- risk 0.41cvss 6.3epss 0.00
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may…
- risk 0.35cvss 5.4epss 0.00
A Cross-Site Scripting (XSS) vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker (patient) to inject a malicious script payload into the User Name parameter, which is stored…
- risk 0.31cvss 4.7epss 0.00
A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly…
- risk 0.31cvss 4.7epss 0.00
A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote.…
- risk 0.23cvss 3.5epss 0.00
A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack…
- CVE-2020-5192Jan 6, 2020risk 0.06cvss —epss 0.17
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.
- CVE-2020-22165Jun 22, 2021risk 0.03cvss —epss 0.06
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
- CVE-2020-5191Jan 6, 2020risk 0.03cvss —epss 0.06
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
- CVE-2023-7173Dec 30, 2023risk 0.01cvss —epss 0.01
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the…
- CVE-2025-70063Feb 18, 2026risk 0.00cvss —epss 0.00
The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user…
- CVE-2025-70062Feb 18, 2026risk 0.00cvss —epss 0.00
PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor…
Page 1 of 3