VYPR
Vendor

Hms

Products
2
CVEs
13
Across products
13
Status
Private

Products

2

Recent CVEs

13
  • CVE-2022-23366CriJan 21, 2022
    risk 0.67cvss 9.8epss 0.07

    HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.

  • CVE-2022-30011CriMay 16, 2022
    risk 0.65cvss 9.8epss 0.18

    In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.

  • CVE-2022-24136CriMar 31, 2022
    risk 0.64cvss 9.8epss 0.02

    Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.

  • CVE-2022-25492CriMar 15, 2022
    risk 0.64cvss 9.8epss 0.02

    HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.

  • CVE-2022-25490CriMar 15, 2022
    risk 0.64cvss 9.8epss 0.02

    HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.

  • CVE-2022-23365CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.01

    HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php.

  • CVE-2022-23364CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.01

    HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php.

  • CVE-2022-26546CriMar 31, 2022
    risk 0.59cvss 9.1epss 0.01

    Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.

  • CVE-2022-25402CriFeb 24, 2022
    risk 0.59cvss 9.1epss 0.02

    An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files.

  • CVE-2022-30012HigMay 16, 2022
    risk 0.49cvss 7.5epss 0.02

    In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.

  • CVE-2022-25491HigMar 15, 2022
    risk 0.49cvss 7.5epss 0.01

    HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.

  • CVE-2022-25493MedMar 15, 2022
    risk 0.40cvss 6.1epss 0.01

    HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.

  • CVE-2022-4013MedNov 16, 2022
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has…