Hospital Management System@1.0 Security Vulnerabilities and Issues — Hospital Management System@1.0 CVE List

Lucene search

Hospital Management System ProjectHospital Management System1.0

26 matches found

CVE•added 2022/07/01 9:15 p.m.•99 views

CVE-2022-32094

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.

9.8CVSS9.8AI score0.19803EPSS

CVE•added 2022/02/24 3:15 p.m.•83 views

CVE-2022-25403

HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.

9.8CVSS9.8AI score0.00207EPSS

CVE•added 2022/02/28 11:15 p.m.•78 views

CVE-2022-25408

Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php.

5.4CVSS5.3AI score0.00181EPSS

CVE•added 2022/02/28 11:15 p.m.•75 views

CVE-2022-25407

Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php.

5.4CVSS5.3AI score0.00181EPSS

CVE•added 2022/02/24 3:15 p.m.•73 views

CVE-2022-25402

An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files.

9.1CVSS9.1AI score0.00414EPSS

CVE•added 2022/02/28 11:15 p.m.•73 views

CVE-2022-25409

Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php.

5.4CVSS5.3AI score0.00181EPSS

CVE•added 2022/03/15 6:15 p.m.•73 views

CVE-2022-25493

HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.

6.1CVSS6AI score0.00199EPSS

CVE•added 2022/03/15 6:15 p.m.•71 views

CVE-2022-25490

HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.

9.8CVSS9.7AI score0.00207EPSS

CVE•added 2022/03/15 6:15 p.m.•70 views

CVE-2022-25491

HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.

7.5CVSS7.8AI score0.00201EPSS

CVE•added 2022/03/31 9:15 p.m.•67 views

CVE-2022-26546

Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.

9.1CVSS9.1AI score0.00164EPSS

CVE•added 2022/03/15 6:15 p.m.•66 views

CVE-2022-25492

HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.

9.8CVSS9.7AI score0.00207EPSS

CVE•added 2022/05/11 7:15 p.m.•66 views

CVE-2022-30449

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php.

9.8CVSS9.9AI score0.00194EPSS

CVE•added 2022/05/11 7:15 p.m.•64 views

CVE-2022-30448

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php.

9.8CVSS9.6AI score0.00319EPSS

CVE•added 2022/05/03 9:15 p.m.•63 views

CVE-2022-27413

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.

9.8CVSS9.8AI score0.12018EPSS

CVE•added 2022/05/15 4:15 p.m.•62 views

CVE-2022-28929

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.

9.8CVSS9.8AI score0.00207EPSS

CVE•added 2022/05/04 3:15 a.m.•60 views

CVE-2022-27420

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.

9.8CVSS9.8AI score0.00192EPSS

CVE•added 2022/07/20 9:15 p.m.•59 views

CVE-2022-34590

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php.

7.2CVSS7.2AI score0.04173EPSS

CVE•added 2022/09/13 9:15 p.m.•59 views

CVE-2022-38637

Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.

9.8CVSS10AI score0.57689EPSS

CVE•added 2022/04/26 2:15 p.m.•58 views

CVE-2022-27299

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.

9.8CVSS9.8AI score0.00207EPSS

CVE•added 2022/05/16 1:15 p.m.•58 views

CVE-2022-30011

In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.

9.8CVSS9.7AI score0.01616EPSS

CVE•added 2022/05/16 1:15 p.m.•57 views

CVE-2022-30012

In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.

7.5CVSS8.1AI score0.00207EPSS

CVE•added 2022/03/31 11:15 a.m.•55 views

CVE-2022-24136

Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.

9.8CVSS9.6AI score0.00183EPSS

CVE•added 2022/07/01 9:15 p.m.•46 views

CVE-2022-32093

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.

9.8CVSS9.8AI score0.00207EPSS

CVE•added 2022/07/01 9:15 p.m.•45 views

CVE-2022-32095

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.

9.8CVSS9.8AI score0.00207EPSS

CVE•added 2022/06/02 2:15 p.m.•42 views

CVE-2021-44095

A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database.

9.8CVSS9.6AI score0.00601EPSS

CVE•added 2022/05/26 5:15 p.m.•37 views

CVE-2022-30516

In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.

9.8CVSS9.8AI score0.00207EPSS