Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hospital_management_system
(Hospital_management_system_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 43 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-11-26 | CVE-2024-11674 | A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Affected is an unknown function of the file /backend/doc/his_doc_update-account.php. The manipulation of the argument doc_dpic leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | Hospital_management_system | 8.8 | ||
| 2024-11-26 | CVE-2024-11676 | A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/eqp_qty leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | Hospital_management_system | 5.4 | ||
| 2024-11-26 | CVE-2024-11677 | A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument v_name/v_adr/v_number/v_email/v_phone/v_desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | Hospital_management_system | 5.4 | ||
| 2024-11-26 | CVE-2024-11678 | A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | Hospital_management_system | 5.4 | ||
| 2021-08-16 | CVE-2021-38754 | SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php. | Hospital_management_system | 9.8 | ||
| 2021-08-16 | CVE-2021-38755 | Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php. | Hospital_management_system | 5.3 | ||
| 2021-08-16 | CVE-2021-38756 | Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php. | Hospital_management_system | 6.1 | ||
| 2021-08-16 | CVE-2021-38757 | Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. | Hospital_management_system | 6.1 | ||
| 2022-02-24 | CVE-2022-25402 | An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. | Hospital_management_system | 9.1 | ||
| 2022-02-24 | CVE-2022-25403 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. | Hospital_management_system | 9.8 |