Lucene search

Hospital's Patient Records Management System Security Vulnerabilities

cve

CVE-2022-22296

Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users can be displayed.

5.3CVSS

5.2AI Score

0.001EPSS

2022-01-24 02:15 PM

cve

CVE-2022-22850

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_types.

5.4CVSS

5.2AI Score

0.001EPSS

2022-01-26 07:15 PM

cve

CVE-2022-22851

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the specialization parameter in doctors.php

5.4CVSS

5.2AI Score

0.001EPSS

2022-01-26 04:15 PM

cve

CVE-2022-22852

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_list.

5.4CVSS

5.2AI Score

0.001EPSS

2022-01-26 08:15 PM

cve

CVE-2022-22853

A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Name field.

5.4CVSS

5.2AI Score

0.001EPSS

2022-02-16 06:15 PM

123

cve

CVE-2022-22854

An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list.

8.8CVSS

8.7AI Score

0.001EPSS

2022-02-14 06:15 PM

cve

CVE-2022-24232

A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

7.8CVSS

7.7AI Score

0.001EPSS

2022-02-24 07:15 PM

cve

CVE-2022-25003

Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php.

9.8CVSS

9.7AI Score

0.003EPSS

2022-02-24 07:15 PM

cve

CVE-2022-25004

Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_doctor.php.

9.8CVSS

9.7AI Score

0.002EPSS

2022-02-24 07:15 PM

cve

CVE-2022-26244

5.4CVSS

5.2AI Score

0.001EPSS

2022-03-30 12:15 AM

cve

CVE-2022-32337

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=.

9.8CVSS

9.7AI Score

0.002EPSS

2022-06-14 05:15 PM

cve

CVE-2022-32338

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/manage_doctor.php?id=.

7.2CVSS

7.4AI Score

0.001EPSS

2022-06-14 04:15 PM

cve

CVE-2022-32339

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/view_doctor.php?id=.

7.2CVSS

7.4AI Score

0.001EPSS

2022-06-14 04:15 PM

cve

CVE-2022-32340

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=patients/view_patient&id=.

7.2CVSS

7.4AI Score

0.001EPSS

2022-06-14 04:15 PM

cve

CVE-2022-32341

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=user/manage_user&id=.

7.2CVSS

7.3AI Score

0.001EPSS

2022-06-14 04:15 PM

cve

CVE-2022-32342

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/room_types/view_room_type.php?id=.

7.2CVSS

7.3AI Score

0.001EPSS

2022-06-14 04:15 PM

cve

CVE-2022-32343

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via hprms/admin/room_types/manage_room_type.php?id=.

7.2CVSS

7.4AI Score

0.001EPSS

2022-06-14 04:15 PM

cve

CVE-2022-32344

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient.

7.2CVSS

7.3AI Score

0.001EPSS

2022-06-14 04:15 PM

cve

CVE-2022-32345

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/manage_room.php?id=.

7.2CVSS

7.4AI Score

0.001EPSS

2022-06-14 04:15 PM

cve

CVE-2022-32346

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/view_room.php?id=.

7.2CVSS

7.4AI Score

0.001EPSS

2022-06-14 04:15 PM

cve

CVE-2022-32347

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room.

7.2CVSS

7.4AI Score

0.001EPSS

2022-06-14 04:15 PM

cve

CVE-2022-32348

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_doctor.

7.2CVSS

7.3AI Score

0.001EPSS

2022-06-14 04:15 PM

cve

CVE-2022-32349

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_history.

7.2CVSS

7.4AI Score

0.001EPSS

2022-06-14 04:15 PM

cve

CVE-2022-32350

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room_type.

7.2CVSS

7.3AI Score

0.001EPSS

2022-06-14 04:15 PM

cve

CVE-2022-32351

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message.

7.2CVSS

7.4AI Score

0.001EPSS

2022-06-14 04:15 PM

cve

CVE-2022-32352

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_admission.

9.8CVSS

9.7AI Score

0.002EPSS

2022-06-14 04:15 PM