3 matches found
CVE-2022-23364
CVE-2022-23364 affects HMS v1.0 and is described as a SQL injection vulnerability exploitable via the adminlogin.php endpoint. The connected documents corroborate a SQL injection issue in HMS, but do not provide concrete exploit details, affected versions beyond v1.0, or remediation steps. The im...
CVE-2022-23366
CVE-2022-23366 affects HMS v1.0 with a SQL injection in patientlogin.php. The vulnerability is evidenced across multiple connected sources (Red Hat, CNVD, CNVD-like entries) and exploited publicly (Exploit-DB, PacketStorm), showing a login parameter (loginid) susceptible to time-based blind SQLi ...
CVE-2022-23365
CVE-2022-23365 affects HMS v1.0 and is a SQL injection vulnerability exposed via doctorlogin.php. The root cause is improper handling/validation of inputs in the login mechanism that allows crafted SQL statements to be executed by the database. This aligns with the CVSS metrics: high/critical imp...