Hospital Management System@4.0 Security Vulnerabilities and Issues — Hospital Management System@4.0 CVE List

Lucene search

PhpgurukulHospital Management System4.0

9 matches found

CVE•added 2024/10/21 7:15 p.m.•48 views

CVE-2024-46239

Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php.

5.9CVSS6.6AI score0.00075EPSS

CVE•added 2024/01/10 9:15 a.m.•45 views

CVE-2020-26629

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.

9.8CVSS9.4AI score0.00718EPSS

CVE•added 2024/10/21 7:15 p.m.•44 views

CVE-2024-46238

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php

5.9CVSS6.3AI score0.00075EPSS

CVE•added 2024/01/10 9:15 a.m.•43 views

CVE-2020-26630

A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin.

4.9CVSS5.5AI score0.00123EPSS

CVE•added 2024/11/05 2:15 a.m.•39 views

CVE-2024-10807

A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. Th...

5.1CVSS3.8AI score0.00089EPSS

CVE•added 2024/11/05 1:15 a.m.•38 views

CVE-2024-10806

A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be initiat...

5.1CVSS3.9AI score0.00089EPSS

CVE•added 2024/10/09 2:15 p.m.•37 views

CVE-2024-46237

PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php.

5.4CVSS6.2AI score0.00058EPSS

CVE•added 2024/01/10 9:15 a.m.•33 views

CVE-2020-26628

A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile.

6.1CVSS5.8AI score0.00235EPSS

CVE•added 2024/01/10 9:15 a.m.•24 views

CVE-2020-26627

A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab.

4.9CVSS5.4AI score0.00123EPSS