Hospital Management System Security Vulnerabilities

CVE-2017-14846

Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.

CVSS 8.8 | AI Score 9.1 | EPSS 0.001 | 2017-09-28 01:29 AM

CVE-2018-18705

PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php.

CVSS 9.8 | AI Score 9.9 | EPSS 0.003 | 2018-10-29 12:29 PM

CVE-2020-22164

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVSS 7.5 | AI Score 7.7 | EPSS 0.025 | 2021-06-22 03:15 PM

CVE-2020-22165

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVSS 7.5 | AI Score 7.7 | EPSS 0.025 | 2021-06-22 03:15 PM

CVE-2020-22166

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVSS 7.5 | AI Score 7.7 | EPSS 0.025 | 2021-06-22 03:15 PM

CVE-2020-22167

PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.

CVSS 5.4 | AI Score 5.4 | EPSS 0.001 | 2021-06-22 03:15 PM

CVE-2020-22168

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVSS 7.5 | AI Score 7.7 | EPSS 0.007 | 2021-06-22 03:15 PM

CVE-2020-22169

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVSS 7.5 | AI Score 7.7 | EPSS 0.025 | 2021-06-22 03:15 PM

CVE-2020-22170

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVSS 7.5 | AI Score 7.7 | EPSS 0.025 | 2021-06-22 03:15 PM

CVE-2020-22171

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVSS 7.5 | AI Score 7.7 | EPSS 0.025 | 2021-06-22 03:15 PM

CVE-2020-22172

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVSS 7.5 | AI Score 7.7 | EPSS 0.025 | 2021-06-22 03:15 PM

CVE-2020-22173

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVSS 7.5 | AI Score 7.7 | EPSS 0.025 | 2021-06-22 03:15 PM

CVE-2020-22174

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVSS 7.5 | AI Score 7.7 | EPSS 0.025 | 2021-06-22 03:15 PM

CVE-2020-22175

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVSS 7.5 | AI Score 7.7 | EPSS 0.025 | 2021-06-22 03:15 PM

CVE-2020-22176

PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.

CVSS 7.5 | AI Score 7.2 | EPSS 0.007 | 2021-06-22 03:15 PM

CVE-2020-25271

PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.

CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | 2020-10-08 01:15 PM

CVE-2020-26627

A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab.

CVSS 4.9 | AI Score 5.4 | EPSS 0.0005 | 2024-01-10 09:15 AM

CVE-2020-26628

A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile' page and triggered by another user visiting the profile.

CVSS 6.1 | AI Score 5.8 | EPSS 0.001 | 2024-01-10 09:15 AM

CVE-2020-26629

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.

CVSS 9.8 | AI Score 9.4 | EPSS 0.004 | 2024-01-10 09:15 AM

CVE-2020-26630

A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin.

CVSS 4.9 | AI Score 5.5 | EPSS 0.0005 | 2024-01-10 09:15 AM

CVE-2020-35745

PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.

CVSS 8.8 | AI Score 8.5 | EPSS 0.007 | 2021-01-07 09:15 PM

CVE-2020-5191

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.

CVSS 6.1 | AI Score 6.1 | EPSS 0.003 | 2020-01-06 01:15 AM

CVE-2020-5192

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.

CVSS 8.8 | AI Score 9 | EPSS 0.384 | 2020-01-06 01:15 AM

CVE-2020-5193

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.

CVSS 6.1 | AI Score 6.2 | EPSS 0.001 | 2020-01-14 06:15 PM

CVE-2021-35387

Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.

CVSS 8.8 | AI Score 9 | EPSS 0.001 | 2022-10-28 03:15 PM

CVE-2021-35388

Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.

CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | 2022-10-28 03:15 PM

CVE-2021-38754

SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2021-08-16 02:15 PM

CVE-2021-38755

Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php.

CVSS 5.3 | AI Score 5.2 | EPSS 0.001 | 2021-08-16 02:15 PM

CVE-2021-38756

Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php.

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2021-08-16 02:15 PM

CVE-2021-38757

Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php.

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2021-08-16 02:15 PM

CVE-2021-39411

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.

CVSS 6.1 | AI Score 6.1 | EPSS 0.001 | 2021-11-05 03:15 PM

CVE-2021-44095

A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database.

CVSS 9.8 | AI Score 9.6 | EPSS 0.002 | 2022-06-02 02:15 PM

CVE-2022-24136

Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.

CVSS 9.8 | AI Score 9.6 | EPSS 0.002 | 2022-03-31 11:15 AM

CVE-2022-24226

Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.

CVSS 7.5 | AI Score 7.8 | EPSS 0.002 | 2022-02-15 04:15 PM

CVE-2022-24263

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.

CVSS 9.8 | AI Score 9.7 | EPSS 0.114 | 2022-01-31 10:15 PM

CVE-2022-24646

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters.

CVSS 7.5 | AI Score 7.7 | EPSS 0.002 | 2022-02-10 11:15 PM

CVE-2022-25402

An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files.

CVSS 9.1 | AI Score 9.1 | EPSS 0.003 | 2022-02-24 03:15 PM

CVE-2022-25403

HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-02-24 03:15 PM

CVE-2022-25407

Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php.

CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | 2022-02-28 11:15 PM

CVE-2022-25408

Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php.

CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | 2022-02-28 11:15 PM

CVE-2022-25409

Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php.

CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | 2022-02-28 11:15 PM

CVE-2022-25490

HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.

CVSS 9.8 | AI Score 9.7 | EPSS 0.002 | 2022-03-15 06:15 PM

CVE-2022-25491

HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.

CVSS 7.5 | AI Score 7.8 | EPSS 0.002 | 2022-03-15 06:15 PM

CVE-2022-25492

HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.

CVSS 9.8 | AI Score 9.7 | EPSS 0.002 | 2022-03-15 06:15 PM

CVE-2022-25493

HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2022-03-15 06:15 PM

CVE-2022-26546

Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.

CVSS 9.1 | AI Score 9.1 | EPSS 0.002 | 2022-03-31 09:15 PM

CVE-2022-27299

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-04-26 02:15 PM

CVE-2022-27413

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-03 09:15 PM

CVE-2022-27420

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-04 03:15 AM

CVE-2022-28929

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-15 04:15 PM

Total number of security vulnerabilities: 82