Vendor CVEs
Hospital Management System
All CVEs
64 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-26630 | | Med | 0.32 | 4.9 | 0.01 | | Jan 10, 2024 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin. |
| CVE-2020-26627 | | Med | 0.32 | 4.9 | 0.01 | | Jan 10, 2024 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab. |
| CVE-2023-36376 | | Med | 0.31 | 4.8 | 0.01 | | Jul 10, 2023 | Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section. |
| CVE-2022-4013 | | Med | 0.28 | 4.3 | 0.00 | | Nov 16, 2022 | A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has… |
| CVE-2022-46498 | | Low | 0.18 | 2.7 | 0.00 | | Mar 7, 2024 | Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_view_single_employee.php. |
| CVE-2023-41528 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters. |
| CVE-2023-41527 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php. |
| CVE-2023-40992 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter. |
| CVE-2023-41525 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. |
| CVE-2023-41531 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters. |
| CVE-2023-41530 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. |
| CVE-2023-41529 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters. |
| CVE-2023-41532 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php. |
| CVE-2023-41526 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters. |