Vendor CVEs
Hospital Management System
All CVEs
64 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-24263 | Cri | 0.67 | 9.8 | 0.08 | Jan 31, 2022 | Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. | ||
| CVE-2020-29227 | Cri | 0.65 | 9.8 | 0.17 | Dec 14, 2020 | An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution. | ||
| CVE-2024-51360 | Cri | 0.64 | 9.8 | 0.01 | May 23, 2025 | An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file | ||
| CVE-2023-43958 | Cri | 0.64 | 9.8 | 0.01 | Apr 22, 2025 | An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code. | ||
| CVE-2020-26629 | Cri | 0.64 | 9.8 | 0.01 | Jan 10, 2024 | A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. | ||
| CVE-2023-5053 | Cri | 0.64 | 9.8 | 0.01 | Sep 28, 2023 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | ||
| CVE-2023-5004 | Cri | 0.64 | 9.8 | 0.01 | Sep 28, 2023 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | ||
| CVE-2022-38637 | Cri | 0.64 | 9.8 | 0.05 | Sep 13, 2022 | Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. | ||
| CVE-2022-32095 | Cri | 0.64 | 9.8 | 0.02 | Jul 1, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. | ||
| CVE-2022-32094 | Cri | 0.64 | 9.8 | 0.08 | Jul 1, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. | ||
| CVE-2022-32093 | Cri | 0.64 | 9.8 | 0.01 | Jul 1, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. | ||
| CVE-2022-30516 | Cri | 0.64 | 9.8 | 0.02 | May 26, 2022 | In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. | ||
| CVE-2022-28929 | Cri | 0.64 | 9.8 | 0.02 | May 15, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. | ||
| CVE-2022-27420 | Cri | 0.64 | 9.8 | 0.01 | May 4, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. | ||
| CVE-2022-27413 | Cri | 0.64 | 9.8 | 0.03 | May 3, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. | ||
| CVE-2022-27299 | Cri | 0.64 | 9.8 | 0.02 | Apr 26, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. | ||
| CVE-2022-24136 | Cri | 0.64 | 9.8 | 0.02 | Mar 31, 2022 | Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. | ||
| CVE-2022-26201 | Cri | 0.64 | 9.8 | 0.01 | Mar 4, 2022 | Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. | ||
| CVE-2021-38754 | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2021 | SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php. | ||
| CVE-2020-29287 | Cri | 0.64 | 9.8 | 0.03 | Dec 2, 2020 | An SQL injection vulnerability discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php. | ||
| CVE-2023-43909 | Cri | 0.59 | 9.1 | 0.01 | Sep 29, 2023 | Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. | ||
| CVE-2022-26546 | Cri | 0.59 | 9.1 | 0.01 | Mar 31, 2022 | Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. | ||
| CVE-2024-53345 | Hig | 0.57 | 8.8 | 0.01 | Jan 7, 2025 | An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file. | ||
| CVE-2022-46499 | Hig | 0.57 | 8.8 | 0.01 | Mar 7, 2024 | Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_admin_view_single_patient.php. | ||
| CVE-2021-35387 | Hig | 0.57 | 8.8 | 0.01 | Oct 28, 2022 | Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. | ||
| CVE-2022-22854 | Hig | 0.57 | 8.8 | 0.01 | Feb 14, 2022 | An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list. | ||
| CVE-2021-43137 | Hig | 0.57 | 8.8 | 0.01 | Dec 1, 2021 | Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists in hostel management system 2.1 via the name field in my-profile.php. Chaining both vulnerabilities leads to account takeover. | ||
| CVE-2022-46497 | Hig | 0.53 | 8.1 | 0.01 | Mar 7, 2024 | Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_doc_view_single_patien.php. | ||
| CVE-2022-46093 | Hig | 0.53 | 8.2 | 0.01 | Jan 13, 2023 | Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password. | ||
| CVE-2022-24232 | Hig | 0.51 | 7.8 | 0.01 | Feb 24, 2022 | A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||
| CVE-2024-28320 | Hig | 0.49 | 7.6 | 0.01 | Apr 29, 2024 | Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via crafted POST request to /patient/edit-user.php. | ||
| CVE-2022-24226 | Hig | 0.49 | 7.5 | 0.02 | Feb 15, 2022 | Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. | ||
| CVE-2022-24646 | Hig | 0.49 | 7.5 | 0.02 | Feb 10, 2022 | Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters. | ||
| CVE-2022-34590 | Hig | 0.47 | 7.2 | 0.04 | Jul 20, 2022 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php. | ||
| CVE-2022-29318 | Hig | 0.47 | 7.2 | 0.01 | May 11, 2022 | An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||
| CVE-2023-3811 | Med | 0.41 | 6.3 | 0.01 | Jul 21, 2023 | A vulnerability was found in Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file patientprofile.php. The manipulation of the argument address leads to sql injection. The attack may be initiated remotely. The… | ||
| CVE-2023-3810 | Med | 0.41 | 6.3 | 0.01 | Jul 21, 2023 | A vulnerability was found in Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file patientappointment.php. The manipulation of the argument loginid/password/mobileno/appointmentdate/appointmenttime/patiente/dob/doct/… | ||
| CVE-2023-3809 | Med | 0.41 | 6.3 | 0.01 | Jul 21, 2023 | A vulnerability was found in Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file patient.php. The manipulation of the argument address leads to sql injection. It is possible to initiate the attack remotely. The exploit has… | ||
| CVE-2023-3808 | Med | 0.41 | 6.3 | 0.01 | Jul 21, 2023 | A vulnerability was found in Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file patientforgotpassword.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been… | ||
| CVE-2022-4012 | Med | 0.41 | 6.3 | 0.00 | Nov 16, 2022 | A vulnerability classified as critical has been found in Hospital Management Center. Affected is an unknown function of the file patient-info.php. The manipulation of the argument pt_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been… | ||
| CVE-2025-29410 | Med | 0.40 | 6.1 | 0.00 | Mar 20, 2025 | A cross-site scripting (XSS) vulnerability in the component /contact.php of Hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the txtEmail parameter. | ||
| CVE-2020-26628 | Med | 0.40 | 6.1 | 0.01 | Jan 10, 2024 | A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the "Edit Profile" page and triggered by another user visiting… | ||
| CVE-2023-36939 | Med | 0.40 | 6.1 | 0.01 | Jul 10, 2023 | Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field. | ||
| CVE-2021-38757 | Med | 0.40 | 6.1 | 0.01 | Aug 16, 2021 | Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. | ||
| CVE-2023-36375 | Med | 0.35 | 5.4 | 0.01 | Jul 10, 2023 | Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details… | ||
| CVE-2021-35388 | Med | 0.35 | 5.4 | 0.00 | Oct 28, 2022 | Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. | ||
| CVE-2022-25409 | Med | 0.35 | 5.4 | 0.00 | Feb 28, 2022 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. | ||
| CVE-2022-25408 | Med | 0.35 | 5.4 | 0.00 | Feb 28, 2022 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. | ||
| CVE-2022-25407 | Med | 0.35 | 5.4 | 0.00 | Feb 28, 2022 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. | ||
| CVE-2021-38755 | Med | 0.35 | 5.3 | 0.01 | Aug 16, 2021 | Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php. |
Page 1 of 2