Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hospital_management_system
(Hospital_management_system_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 39 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-01-20 | CVE-2022-48120 | SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php. | Hospital_management_system | 9.8 | ||
| 2023-01-13 | CVE-2022-46093 | Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password. | Hospital_management_system | 8.2 | ||
| 2022-09-13 | CVE-2022-38637 | Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. | Hospital_management_system | 9.8 | ||
| 2022-07-20 | CVE-2022-34590 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php. | Hospital_management_system | 7.2 | ||
| 2022-07-01 | CVE-2022-32094 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. | Hospital_management_system | 9.8 | ||
| 2022-07-01 | CVE-2022-32095 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. | Hospital_management_system | 9.8 | ||
| 2022-07-01 | CVE-2022-32093 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. | Hospital_management_system | 9.8 | ||
| 2022-05-26 | CVE-2022-30516 | In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. | Hospital_management_system | 9.8 | ||
| 2022-05-16 | CVE-2022-30012 | In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection. | Hospital_management_system | 7.5 | ||
| 2022-05-15 | CVE-2022-28929 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. | Hospital_management_system | 9.8 |