VYPR

Hospital Management System

by Phpgurukul

CVEs (59)

  • CVE-2025-70064Feb 18, 2026
    risk 0.00cvss epss 0.00

    PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after…

  • CVE-2025-5584Jun 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unknown function of the file /doctor/edit-patient.php?editid=2 of the component POST Parameter Handler. The manipulation of the argument patname leads to…

  • CVE-2024-56990Jan 21, 2025
    risk 0.00cvss epss 0.00

    PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php.

  • CVE-2024-56997Jan 21, 2025
    risk 0.00cvss epss 0.00

    PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter.

  • CVE-2024-56998Jan 21, 2025
    risk 0.00cvss epss 0.00

    PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address.

  • CVE-2024-10807Nov 5, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be…

  • CVE-2024-10806Nov 5, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The…

  • CVE-2024-46238Oct 21, 2024
    risk 0.00cvss epss 0.00

    Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php

  • CVE-2024-46239Oct 21, 2024
    risk 0.00cvss epss 0.00

    Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php.

  • CVE-2024-46237Oct 9, 2024
    risk 0.00cvss epss 0.00

    PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php.

  • CVE-2024-0364Jan 10, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the…

  • CVE-2024-0363Jan 10, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The…

  • CVE-2024-0362Jan 10, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been…

  • CVE-2024-0361Jan 10, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may…

  • CVE-2024-0360Jan 10, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The…

  • CVE-2024-0286Jan 7, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site…

  • CVE-2023-7172Dec 30, 2023
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely.…

  • CVE-2023-34651Jun 28, 2023
    risk 0.00cvss epss 0.00

    PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).

  • CVE-2023-31498May 11, 2023
    risk 0.00cvss epss 0.02

    A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.

  • CVE-2021-35387Oct 28, 2022
    risk 0.00cvss epss 0.01

    Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.