Lucene search
K

32 matches found

Cvelist
Cvelist
added 3 days ago26 views

CVE-2026-14774 itsourcecode Hospital Management System paymentdischarge.php sql injection

A vulnerability was determined in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /paymentdischarge.php. This manipulation of the argument patientid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and ma...

6.5CVSS0.00204EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-55830

Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A remote SQL injection exists in the /payment.php endpoint. The issue occurs when the patientid argument is manipulated, allowing an attacker to execute arbitrary SQL commands on...

6.5CVSS7AI score0.00204EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/15 1:45 a.m.36 views

CVE-2026-12207 medkey-org medkey HTTP REST API PatientController.php actionGetPatientById resource injection

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of the argument ID...

5.3CVSS0.00226EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.4 views

CVE-2026-3980

A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...

9.8CVSS6.9AI score0.00379EPSS
Exploits1References1
OSV
OSV
added 2026/03/18 8:30 p.m.3 views

CVE-2026-25745 OpenEMR's Message Update Ignores Patient id

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the message/note update endpoint e.g. PUT or POST updates by message/note ID only and does not verify that the message belongs to the current patient or...

6.5CVSS5.8AI score0.00274EPSS
Exploits1References4
NVD
NVD
added 2026/03/12 5:16 a.m.5 views

CVE-2026-3980

A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...

9.8CVSS0.00379EPSS
Exploits1References5
NVD
NVD
added 2026/03/08 9:16 a.m.4 views

CVE-2026-3724

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patientid causes improper authorization. It is possible to initiate the attack remotely. The exploit has...

8.8CVSS0.00299EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/08 8:32 a.m.6 views

CVE-2026-3724

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patientid causes improper authorization. It is possible to initiate the attack remotely. The exploit has...

6.5CVSS5.6AI score0.00299EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/08 8:32 a.m.30 views

CVE-2026-3724 SourceCodester Patients Waiting Area Queue Management System checkin.php improper authorization

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patientid causes improper authorization. It is possible to initiate the attack remotely. The exploit has...

6.5CVSS0.00299EPSS
Exploits1References5
CVE
CVE
added 2026/03/08 8:32 a.m.18 views

CVE-2026-3724

The CVE-2026-3724 issue affects SourceCodester Patients Waiting Area Queue Management System 1.0, with a vulnerability in /checkin.php where manipulating the argument patient_id causes improper authorization. This can be triggered remotely and an exploit is publicly available. Impact is described...

8.8CVSS5.6AI score0.00299EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/08 12:0 a.m.9 views

SourceCodester Patients Waiting Area Queue Management System 授权问题漏洞

The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a vulnerability related to authorization issues. This...

8.8CVSS6.6AI score0.00299EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/08 12:0 a.m.12 views

PT-2026-23929

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patient id causes improper authorization. It is possible to initiate the attack remotely. The exploit ha...

6.5CVSS5.6AI score0.00299EPSS
Exploits1References6
NVD
NVD
added 2026/02/27 5:16 p.m.17 views

CVE-2026-25147

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

7.1CVSS0.0022EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/27 4:44 p.m.4 views

CVE-2026-25147

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

7.1CVSS5.9AI score0.0022EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 4:44 p.m.5 views

CVE-2026-25147 OpenEMR's Portal Payment Endpoint Trusts User-Controlled pid

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

7.1CVSS5.9AI score0.0022EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/27 4:44 p.m.5 views

EUVD-2026-9036

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

7.1CVSS5.9AI score0.0022EPSS
Exploits1References2
CVE
CVE
added 2026/02/27 4:44 p.m.14 views

CVE-2026-25147

OpenEMR CVE-2026-25147 affects the portal payment flow. In versions prior to 8.0.0, portal_payment.php takes the target patient id from the HTTP request (pid from $_REQUEST and hidden_patient_code) rather than the authenticated portal user’s pid. This allows a logged-in portal user to overwrite t...

7.1CVSS5.9AI score0.0022EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.7 views

PT-2026-22350

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. Prior to version 8.0.0, the patient ID used in portal/portal payment.php is obtained from the request $pid = $...

7.1CVSS5.9AI score0.0022EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/02/09 1:23 p.m.8 views

CVE-2026-2149

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patientid results in cross site scripting. It is possible to...

6.1CVSS4AI score0.00352EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/09 1:23 p.m.10 views

CVE-2026-2150

A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /checkin.php. This manipulation of the argument patientid causes cross site scripting. The attack can be initiated remotely. Th...

6.1CVSS3.9AI score0.00352EPSS
Exploits1References1
Rows per page
Query Builder