Hospital Management System
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-26462 | Hig | 0.47 | 7.3 | 0.00 | May 18, 2026 | Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrary operating system commands. | ||
| CVE-2023-41528 | 0.00 | — | 0.00 | Aug 7, 2025 | Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters. | |||
| CVE-2023-41527 | 0.00 | — | 0.00 | Aug 7, 2025 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php. | |||
| CVE-2023-41526 | 0.00 | — | 0.00 | Aug 7, 2025 | Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters. | |||
| CVE-2023-41525 | 0.00 | — | 0.00 | Aug 7, 2025 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. | |||
| CVE-2023-41532 | 0.00 | — | 0.00 | Aug 7, 2025 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php. | |||
| CVE-2023-41531 | 0.00 | — | 0.00 | Aug 7, 2025 | Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters. | |||
| CVE-2023-41529 | 0.00 | — | 0.00 | Aug 7, 2025 | Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters. | |||
| CVE-2023-5053 | 0.00 | — | 0.00 | Sep 28, 2023 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | |||
| CVE-2023-5004 | 0.00 | — | 0.00 | Sep 28, 2023 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. |
- risk 0.47cvss 7.3epss 0.00
Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrary operating system commands.
- CVE-2023-41528Aug 7, 2025risk 0.00cvss —epss 0.00
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.
- CVE-2023-41527Aug 7, 2025risk 0.00cvss —epss 0.00
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.
- CVE-2023-41526Aug 7, 2025risk 0.00cvss —epss 0.00
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.
- CVE-2023-41525Aug 7, 2025risk 0.00cvss —epss 0.00
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
- CVE-2023-41532Aug 7, 2025risk 0.00cvss —epss 0.00
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php.
- CVE-2023-41531Aug 7, 2025risk 0.00cvss —epss 0.00
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters.
- CVE-2023-41529Aug 7, 2025risk 0.00cvss —epss 0.00
Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters.
- CVE-2023-5053Sep 28, 2023risk 0.00cvss —epss 0.00
Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI.
- CVE-2023-5004Sep 28, 2023risk 0.00cvss —epss 0.00
Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI.