Hospital Management System
by kishan0725
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-48120 | | Cri | 0.64 | 9.8 | 0.01 | | Jan 20, 2023 | SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php. |
| CVE-2022-24646 | | Hig | 0.49 | 7.5 | 0.02 | | Feb 10, 2022 | Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters. |
| CVE-2024-12976 | | Hig | 0.48 | 7.3 | 0.01 | | Dec 27, 2024 | A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. The attack may be launched… |
| CVE-2024-12947 | | Med | 0.41 | 6.3 | 0.01 | | Dec 26, 2024 | A vulnerability was found in Codezips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /invo.php. The manipulation of the argument dname leads to sql injection. The attack may be launched remotely. The… |
| CVE-2024-45983 | | Med | 0.41 | 6.3 | 0.00 | | Sep 26, 2024 | A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an authenticated admin user to… |
| CVE-2021-38757 | | Med | 0.40 | 6.1 | 0.01 | | Aug 16, 2021 | Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. |
| CVE-2021-38756 | | Med | 0.40 | 6.1 | 0.01 | | Aug 16, 2021 | Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php. |
| CVE-2022-25409 | | Med | 0.35 | 5.4 | 0.00 | | Feb 28, 2022 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. |
| CVE-2022-25408 | | Med | 0.35 | 5.4 | 0.00 | | Feb 28, 2022 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. |
| CVE-2022-25407 | | Med | 0.35 | 5.4 | 0.00 | | Feb 28, 2022 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. |
| CVE-2021-38755 | | Med | 0.35 | 5.3 | 0.01 | | Aug 16, 2021 | Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php. |
| CVE-2025-63512 | | | 0.00 | — | 0.00 | | Nov 18, 2025 | kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor logic. The application fails to properly sanitize or parameterize user-supplied input from the demail parameter before incorporating it directly into… |
| CVE-2025-63514 | | | 0.00 | — | 0.00 | | Nov 18, 2025 | kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email parameter. |
| CVE-2025-63513 | | | 0.00 | — | 0.00 | | Nov 18, 2025 | kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functionality. |