Hospital Management System
CVEs (65)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-24263 | | Cri | 0.67 | 9.8 | 0.08 | | Jan 31, 2022 | Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. |
| CVE-2020-29227 | | Cri | 0.65 | 9.8 | 0.17 | | Dec 14, 2020 | An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution. |
| CVE-2024-51360 | | Cri | 0.64 | 9.8 | 0.01 | | May 23, 2025 | An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file. |
| CVE-2023-43958 | | Cri | 0.64 | 9.8 | 0.01 | | Apr 22, 2025 | An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code. |
| CVE-2020-26629 | | Cri | 0.64 | 9.8 | 0.01 | | Jan 10, 2024 | A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. |
| CVE-2023-5053 | | Cri | 0.64 | 9.8 | 0.01 | | Sep 28, 2023 | Hospital management system version 378c157 allows authentication to be bypassed. This is possible because the application is vulnerable to SQLI. |
| CVE-2023-5004 | | Cri | 0.64 | 9.8 | 0.01 | | Sep 28, 2023 | Hospital management system version 378c157 allows authentication to be bypassed. This is possible because the application is vulnerable to SQLI. |
| CVE-2022-38637 | | Cri | 0.64 | 9.8 | 0.05 | | Sep 13, 2022 | Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. |
| CVE-2022-32095 | | Cri | 0.64 | 9.8 | 0.02 | | Jul 1, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. |
| CVE-2022-32094 | | Cri | 0.64 | 9.8 | 0.08 | | Jul 1, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. |
| CVE-2022-32093 | | Cri | 0.64 | 9.8 | 0.01 | | Jul 1, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. |
| CVE-2022-30516 | | Cri | 0.64 | 9.8 | 0.02 | | May 26, 2022 | In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. |
| CVE-2022-28929 | | Cri | 0.64 | 9.8 | 0.02 | | May 15, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. |
| CVE-2022-27420 | | Cri | 0.64 | 9.8 | 0.01 | | May 4, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. |
| CVE-2022-27413 | | Cri | 0.64 | 9.8 | 0.03 | | May 3, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. |
| CVE-2022-27299 | | Cri | 0.64 | 9.8 | 0.02 | | Apr 26, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. |
| CVE-2022-24136 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 31, 2022 | Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. |
| CVE-2022-26201 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 4, 2022 | Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. |
| CVE-2021-38754 | | Cri | 0.64 | 9.8 | 0.02 | | Aug 16, 2021 | SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php. |
| CVE-2020-29287 | | Cri | 0.64 | 9.8 | 0.03 | | Dec 2, 2020 | An SQL injection vulnerability was discovered in Car Rental Management System v1.0 which can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php. |
Page 1 of 4