Hms
Products (2)
- 11 CVEs
- 2 CVEs

Recent CVEs (13)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23366 | | Critical | 0.67 | 9.8 | 0.07 | | Jan 21, 2022 | HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php. |
| CVE-2022-30011 | | Critical | 0.65 | 9.8 | 0.18 | | May 16, 2022 | In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. |
| CVE-2022-24136 | | Critical | 0.64 | 9.8 | 0.02 | | Mar 31, 2022 | Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. |
| CVE-2022-25492 | | Critical | 0.64 | 9.8 | 0.02 | | Mar 15, 2022 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php. |
| CVE-2022-25490 | | Critical | 0.64 | 9.8 | 0.02 | | Mar 15, 2022 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php. |
| CVE-2022-23365 | | Critical | 0.64 | 9.8 | 0.01 | | Jan 21, 2022 | HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php. |
| CVE-2022-23364 | | Critical | 0.64 | 9.8 | 0.01 | | Jan 21, 2022 | HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php. |
| CVE-2022-26546 | | Critical | 0.59 | 9.1 | 0.01 | | Mar 31, 2022 | Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. |
| CVE-2022-25402 | | Critical | 0.59 | 9.1 | 0.02 | | Feb 24, 2022 | An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. |
| CVE-2022-30012 | | High | 0.49 | 7.5 | 0.02 | | May 16, 2022 | In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection. |
| CVE-2022-25491 | | High | 0.49 | 7.5 | 0.01 | | Mar 15, 2022 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php. |
| CVE-2022-25493 | | Medium | 0.40 | 6.1 | 0.01 | | Mar 15, 2022 | HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. |
| CVE-2022-4013 | | Medium | 0.28 | 4.3 | 0.00 | | Nov 16, 2022 | A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has… |