Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hospital_management_system
(Hospital_management_system_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 43 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-11-26 | CVE-2024-11678 | A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | Hospital_management_system | 5.4 | ||
| 2021-08-16 | CVE-2021-38754 | SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php. | Hospital_management_system | 9.8 | ||
| 2021-08-16 | CVE-2021-38755 | Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php. | Hospital_management_system | 5.3 | ||
| 2021-08-16 | CVE-2021-38756 | Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php. | Hospital_management_system | 6.1 | ||
| 2021-08-16 | CVE-2021-38757 | Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. | Hospital_management_system | 6.1 | ||
| 2022-02-24 | CVE-2022-25402 | An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. | Hospital_management_system | 9.1 | ||
| 2022-02-24 | CVE-2022-25403 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. | Hospital_management_system | 9.8 | ||
| 2022-02-28 | CVE-2022-25407 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. | Hospital_management_system | 5.4 | ||
| 2022-02-28 | CVE-2022-25408 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. | Hospital_management_system | 5.4 | ||
| 2022-02-28 | CVE-2022-25409 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. | Hospital_management_system | 5.4 |