Hospital Management System
CVEs (64)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-43909 | | Cri | 0.59 | 9.1 | 0.01 | | Sep 29, 2023 | Hospital Management System through commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. |
| CVE-2022-26546 | | Cri | 0.59 | 9.1 | 0.01 | | Mar 31, 2022 | Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. |
| CVE-2024-53345 | | Hig | 0.57 | 8.8 | 0.01 | | Jan 7, 2025 | An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2022-46499 | | Hig | 0.57 | 8.8 | 0.01 | | Mar 7, 2024 | Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_admin_view_single_patient.php. |
| CVE-2021-35387 | | Hig | 0.57 | 8.8 | 0.01 | | Oct 28, 2022 | Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. |
| CVE-2022-22854 | | Hig | 0.57 | 8.8 | 0.01 | | Feb 14, 2022 | An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list. |
| CVE-2021-43137 | | Hig | 0.57 | 8.8 | 0.01 | | Dec 1, 2021 | Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists in hostel management system 2.1 via the name field in my-profile.php. Chaining both vulnerabilities leads to account takeover. |
| CVE-2022-46497 | | Hig | 0.53 | 8.1 | 0.01 | | Mar 7, 2024 | Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_doc_view_single_patien.php. |
| CVE-2022-46093 | | Hig | 0.53 | 8.2 | 0.01 | | Jan 13, 2023 | Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password. |
| CVE-2022-24232 | | Hig | 0.51 | 7.8 | 0.01 | | Feb 24, 2022 | A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2024-28320 | | Hig | 0.49 | 7.6 | 0.01 | | Apr 29, 2024 | Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via crafted POST request to /patient/edit-user.php. |
| CVE-2022-24226 | | Hig | 0.49 | 7.5 | 0.02 | | Feb 15, 2022 | Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. |
| CVE-2022-24646 | | Hig | 0.49 | 7.5 | 0.02 | | Feb 10, 2022 | Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters. |
| CVE-2022-34590 | | Hig | 0.47 | 7.2 | 0.04 | | Jul 20, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php. |
| CVE-2022-29318 | | Hig | 0.47 | 7.2 | 0.01 | | May 11, 2022 | An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2023-3811 | | Med | 0.41 | 6.3 | 0.01 | | Jul 21, 2023 | A vulnerability was found in Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file patientprofile.php. The manipulation of the argument address leads to SQL injection. The attack may be initiated remotely. The… |
| CVE-2023-3810 | | Med | 0.41 | 6.3 | 0.01 | | Jul 21, 2023 | A vulnerability was found in Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file patientappointment.php. The manipulation of the argument loginid/password/mobileno/appointmentdate/appointmenttime/patiente/dob/doct/… |
| CVE-2023-3809 | | Med | 0.41 | 6.3 | 0.01 | | Jul 21, 2023 | A vulnerability was found in Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file patient.php. The manipulation of the argument address leads to SQL injection. It is possible to initiate the attack remotely. The exploit has… |
| CVE-2023-3808 | | Med | 0.41 | 6.3 | 0.01 | | Jul 21, 2023 | A vulnerability was found in Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file patientforgotpassword.php. The manipulation leads to SQL injection. The attack may be launched remotely. The exploit has been… |
| CVE-2022-4012 | | Med | 0.41 | 6.3 | 0.00 | | Nov 16, 2022 | A vulnerability classified as critical has been found in Hospital Management Center. Affected is an unknown function of the file patient-info.php. The manipulation of the argument pt_id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been… |