Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hospital_management_system
(Phpgurukul)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 43 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-10 | CVE-2020-26630 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin. | Hospital_management_system | 4.9 | ||
| 2024-01-10 | CVE-2020-26629 | A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. | Hospital_management_system | 9.8 | ||
| 2024-01-10 | CVE-2020-26629 | A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. | Hospital_management_system | 9.8 | ||
| 2022-10-21 | CVE-2022-42205 | PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php. | Hospital_management_system | 5.4 | ||
| 2022-10-21 | CVE-2022-42206 | PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. | Hospital_management_system | 5.4 | ||
| 2022-10-28 | CVE-2021-35387 | Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. | Hospital_management_system | 8.8 | ||
| 2022-10-28 | CVE-2021-35388 | Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. | Hospital_management_system | 5.4 | ||
| 2023-05-11 | CVE-2023-31498 | A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter. | Hospital_management_system | 9.8 | ||
| 2024-11-26 | CVE-2024-11675 | A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the... | Hospital_management_system | 5.4 | ||
| 2020-01-06 | CVE-2020-5191 | PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities. | Hospital_management_system | 6.1 |