Hospital Management System Security Vulnerabilities and Issues — Hospital Management System CVE List

Lucene search

Hospital Management System ProjectHospital Management System

45 matches found

CVE•added 2023/07/21 4:15 a.m.•152 views

CVE-2023-3810

A vulnerability was found in Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file patientappointment.php. The manipulation of the argument loginid/password/mobileno/appointmentdate/appointmenttime/patiente/dob/doct/city leads to sql i...

9.8CVSS8.3AI score0.00053EPSS

CVE•added 2023/07/21 4:15 a.m.•150 views

CVE-2023-3809

A vulnerability was found in Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file patient.php. The manipulation of the argument address leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to t...

9.8CVSS8.3AI score0.00053EPSS

CVE•added 2023/07/21 5:15 a.m.•141 views

CVE-2023-3811

A vulnerability was found in Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file patientprofile.php. The manipulation of the argument address leads to sql injection. The attack may be initiated remotely. The exploit has been disclose...

9.8CVSS7.4AI score0.00057EPSS

CVE•added 2023/08/06 2:15 a.m.•139 views

CVE-2023-4176

A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file appointmentapproval.php. The manipulation of the argument time leads to sql injection. It is possible to initiate the attack remotely. The exploit...

9.8CVSS8.3AI score0.00053EPSS

CVE•added 2022/07/01 9:15 p.m.•99 views

CVE-2022-32094

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.

9.8CVSS9.8AI score0.19803EPSS

CVE•added 2022/02/24 3:15 p.m.•83 views

CVE-2022-25403

HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.

9.8CVSS9.8AI score0.00207EPSS

CVE•added 2022/02/28 11:15 p.m.•78 views

CVE-2022-25408

Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php.

5.4CVSS5.3AI score0.00181EPSS

CVE•added 2022/02/28 11:15 p.m.•75 views

CVE-2022-25407

Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php.

5.4CVSS5.3AI score0.00181EPSS

CVE•added 2022/02/24 3:15 p.m.•73 views

CVE-2022-25402

An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files.

9.1CVSS9.1AI score0.00414EPSS

CVE•added 2022/02/28 11:15 p.m.•73 views

CVE-2022-25409

Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php.

5.4CVSS5.3AI score0.00181EPSS

CVE•added 2022/03/15 6:15 p.m.•73 views

CVE-2022-25493

HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.

6.1CVSS6AI score0.00199EPSS

CVE•added 2022/03/15 6:15 p.m.•71 views

CVE-2022-25490

HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.

9.8CVSS9.7AI score0.00207EPSS

CVE•added 2022/03/15 6:15 p.m.•70 views

CVE-2022-25491

HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.

7.5CVSS7.8AI score0.00201EPSS

CVE•added 2022/03/31 9:15 p.m.•67 views

CVE-2022-26546

Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.

9.1CVSS9.1AI score0.00164EPSS

CVE•added 2022/03/15 6:15 p.m.•66 views

CVE-2022-25492

HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.

9.8CVSS9.7AI score0.00207EPSS

CVE•added 2022/05/11 7:15 p.m.•66 views

CVE-2022-30449

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php.

9.8CVSS9.9AI score0.00194EPSS

CVE•added 2022/05/11 7:15 p.m.•64 views

CVE-2022-30448

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php.

9.8CVSS9.6AI score0.00319EPSS

CVE•added 2022/05/03 9:15 p.m.•63 views

CVE-2022-27413

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.

9.8CVSS9.8AI score0.12018EPSS

CVE•added 2022/05/15 4:15 p.m.•62 views

CVE-2022-28929

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.

9.8CVSS9.8AI score0.00207EPSS

CVE•added 2022/05/04 3:15 a.m.•60 views

CVE-2022-27420

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.

9.8CVSS9.8AI score0.00192EPSS

CVE•added 2022/07/20 9:15 p.m.•59 views

CVE-2022-34590

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php.

7.2CVSS7.2AI score0.04215EPSS

CVE•added 2022/09/13 9:15 p.m.•59 views

CVE-2022-38637

Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.

9.8CVSS10AI score0.57689EPSS

CVE•added 2022/04/26 2:15 p.m.•58 views

CVE-2022-27299

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.

9.8CVSS9.8AI score0.00207EPSS

CVE•added 2022/05/16 1:15 p.m.•58 views

CVE-2022-30011

In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.

9.8CVSS9.7AI score0.01616EPSS

CVE•added 2022/05/16 1:15 p.m.•57 views

CVE-2022-30012

In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.

7.5CVSS8.1AI score0.00207EPSS

CVE•added 2021/08/16 2:15 p.m.•56 views

CVE-2021-38757

Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php.

6.1CVSS6AI score0.00268EPSS

CVE•added 2022/03/31 11:15 a.m.•55 views

CVE-2022-24136

Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.

9.8CVSS9.6AI score0.00183EPSS

CVE•added 2024/07/22 9:15 p.m.•54 views

CVE-2024-40502

SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows aremote attacker to execute arbitrary code via the btn_login_b_Click function of the Loginpage.aspx

9.8CVSS8.5AI score0.00373EPSS

CVE•added 2022/07/01 9:15 p.m.•46 views

CVE-2022-32093

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.

9.8CVSS9.8AI score0.00207EPSS

CVE•added 2022/07/01 9:15 p.m.•45 views

CVE-2022-32095

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.

9.8CVSS9.8AI score0.00207EPSS

CVE•added 2024/04/29 6:15 p.m.•44 views

CVE-2024-28320

Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via crafted POST request to /patient/edit-user.php.

7.6CVSS6.7AI score0.00107EPSS

CVE•added 2024/11/26 1:15 a.m.•43 views

CVE-2024-11676

A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_c...

5.4CVSS3.8AI score0.00095EPSS

CVE•added 2022/06/02 2:15 p.m.•42 views

CVE-2021-44095

A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database.

9.8CVSS9.6AI score0.00601EPSS

CVE•added 2024/11/26 2:15 a.m.•41 views

CVE-2024-11677

A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument v_name/v_adr/v_number/v_email/v_p...

5.4CVSS3.8AI score0.00095EPSS

CVE•added 2024/11/26 2:15 a.m.•41 views

CVE-2024-11678

A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_...

5.4CVSS3.9AI score0.00079EPSS

CVE•added 2024/11/26 12:15 a.m.•40 views

CVE-2024-11674

A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Affected is an unknown function of the file /backend/doc/his_doc_update-account.php. The manipulation of the argument doc_dpic leads to unrestricted upload. It is possible to launch the attack ...

8.8CVSS6.5AI score0.00201EPSS

CVE•added 2022/05/26 5:15 p.m.•37 views

CVE-2022-30516

In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.

9.8CVSS9.8AI score0.00207EPSS

CVE•added 2023/01/13 10:15 p.m.•36 views

CVE-2022-46093

Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password.

8.2CVSS8.3AI score0.00103EPSS

CVE•added 2021/08/16 2:15 p.m.•35 views

CVE-2021-38754

SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.

9.8CVSS9.8AI score0.00333EPSS

CVE•added 2023/01/20 7:15 p.m.•34 views

CVE-2022-48120

SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php.

9.8CVSS9.9AI score0.00093EPSS

CVE•added 2021/08/16 2:15 p.m.•33 views

CVE-2021-38756

Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php.

6.1CVSS6AI score0.00196EPSS

CVE•added 2021/08/16 2:15 p.m.•32 views

CVE-2021-38755

Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php.

5.3CVSS5.2AI score0.00198EPSS

CVE•added 2023/09/29 1:15 p.m.•30 views

CVE-2023-43909

Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.

9.1CVSS9.4AI score0.0008EPSS

CVE•added 2023/07/21 3:15 a.m.•29 views

CVE-2023-3808

A vulnerability was found in Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file patientforgotpassword.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the pub...

8.8CVSS7.7AI score0.00053EPSS

CVE•added 2023/06/28 9:15 p.m.•22 views

CVE-2023-34651

PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).

6.1CVSS6.1AI score0.00305EPSS