Hospital Management System
by Phpgurukul
CVEs (59)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-70064 | 0.00 | — | 0.00 | Feb 18, 2026 | PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after… | |||
| CVE-2025-5584 | 0.00 | — | 0.00 | Jun 4, 2025 | A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unknown function of the file /doctor/edit-patient.php?editid=2 of the component POST Parameter Handler. The manipulation of the argument patname leads to… | |||
| CVE-2024-56990 | 0.00 | — | 0.00 | Jan 21, 2025 | PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php. | |||
| CVE-2024-56997 | 0.00 | — | 0.00 | Jan 21, 2025 | PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter. | |||
| CVE-2024-56998 | 0.00 | — | 0.00 | Jan 21, 2025 | PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address. | |||
| CVE-2024-10807 | 0.00 | — | 0.00 | Nov 5, 2024 | A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be… | |||
| CVE-2024-10806 | 0.00 | — | 0.00 | Nov 5, 2024 | A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The… | |||
| CVE-2024-46238 | 0.00 | — | 0.00 | Oct 21, 2024 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php | |||
| CVE-2024-46239 | 0.00 | — | 0.00 | Oct 21, 2024 | Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php. | |||
| CVE-2024-46237 | 0.00 | — | 0.00 | Oct 9, 2024 | PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php. | |||
| CVE-2024-0364 | 0.00 | — | 0.01 | Jan 10, 2024 | A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the… | |||
| CVE-2024-0363 | 0.00 | — | 0.01 | Jan 10, 2024 | A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The… | |||
| CVE-2024-0362 | 0.00 | — | 0.01 | Jan 10, 2024 | A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been… | |||
| CVE-2024-0361 | 0.00 | — | 0.01 | Jan 10, 2024 | A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may… | |||
| CVE-2024-0360 | 0.00 | — | 0.01 | Jan 10, 2024 | A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The… | |||
| CVE-2024-0286 | 0.00 | — | 0.01 | Jan 7, 2024 | A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site… | |||
| CVE-2023-7172 | 0.00 | — | 0.01 | Dec 30, 2023 | A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely.… | |||
| CVE-2023-34651 | 0.00 | — | 0.00 | Jun 28, 2023 | PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). | |||
| CVE-2023-31498 | 0.00 | — | 0.02 | May 11, 2023 | A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter. | |||
| CVE-2021-35387 | 0.00 | — | 0.01 | Oct 28, 2022 | Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. |
- CVE-2025-70064Feb 18, 2026risk 0.00cvss —epss 0.00
PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after…
- CVE-2025-5584Jun 4, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unknown function of the file /doctor/edit-patient.php?editid=2 of the component POST Parameter Handler. The manipulation of the argument patname leads to…
- CVE-2024-56990Jan 21, 2025risk 0.00cvss —epss 0.00
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php.
- CVE-2024-56997Jan 21, 2025risk 0.00cvss —epss 0.00
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter.
- CVE-2024-56998Jan 21, 2025risk 0.00cvss —epss 0.00
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address.
- CVE-2024-10807Nov 5, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be…
- CVE-2024-10806Nov 5, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The…
- CVE-2024-46238Oct 21, 2024risk 0.00cvss —epss 0.00
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php
- CVE-2024-46239Oct 21, 2024risk 0.00cvss —epss 0.00
Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php.
- CVE-2024-46237Oct 9, 2024risk 0.00cvss —epss 0.00
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php.
- CVE-2024-0364Jan 10, 2024risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the…
- CVE-2024-0363Jan 10, 2024risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The…
- CVE-2024-0362Jan 10, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been…
- CVE-2024-0361Jan 10, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may…
- CVE-2024-0360Jan 10, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The…
- CVE-2024-0286Jan 7, 2024risk 0.00cvss —epss 0.01
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site…
- CVE-2023-7172Dec 30, 2023risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely.…
- CVE-2023-34651Jun 28, 2023risk 0.00cvss —epss 0.00
PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
- CVE-2023-31498May 11, 2023risk 0.00cvss —epss 0.02
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.
- CVE-2021-35387Oct 28, 2022risk 0.00cvss —epss 0.01
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.
Page 2 of 3