Vulnerabilities (CVE)

Filtered by vendor Phpgurukul Subscribe
Filtered by product Hospital Management System
Total 40 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-35745 1 Phpgurukul 1 Hospital Management System 2024-11-21 6.5 MEDIUM 8.8 HIGH
PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.
CVE-2020-26630 1 Phpgurukul 1 Hospital Management System 2024-11-21 N/A 4.9 MEDIUM
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin.
CVE-2020-26629 1 Phpgurukul 1 Hospital Management System 2024-11-21 N/A 9.8 CRITICAL
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.
CVE-2020-26628 1 Phpgurukul 1 Hospital Management System 2024-11-21 N/A 6.1 MEDIUM
A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile.
CVE-2020-26627 1 Phpgurukul 1 Hospital Management System 2024-11-21 N/A 4.9 MEDIUM
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab.
CVE-2020-25271 1 Phpgurukul 1 Hospital Management System 2024-11-21 3.5 LOW 5.4 MEDIUM
PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.
CVE-2020-22176 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.0 MEDIUM 7.5 HIGH
PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.
CVE-2020-22175 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.0 MEDIUM 7.5 HIGH
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22174 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.0 MEDIUM 7.5 HIGH
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22173 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.0 MEDIUM 7.5 HIGH
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22172 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.0 MEDIUM 7.5 HIGH
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22171 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.0 MEDIUM 7.5 HIGH
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22170 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.0 MEDIUM 7.5 HIGH
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22169 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.0 MEDIUM 7.5 HIGH
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22168 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.0 MEDIUM 7.5 HIGH
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22167 1 Phpgurukul 1 Hospital Management System 2024-11-21 3.5 LOW 5.4 MEDIUM
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.
CVE-2020-22166 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.0 MEDIUM 7.5 HIGH
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22165 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.0 MEDIUM 7.5 HIGH
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22164 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.0 MEDIUM 7.5 HIGH
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2024-46237 1 Phpgurukul 1 Hospital Management System 2024-10-22 N/A 5.4 MEDIUM
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php.