CVE-2020-22165
Published 2021-06-22
Priority P274 · high · 7.5 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 6.35% (92.8th percentile)
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpgurukul | hospital_management_system | — | — |
Detection & IOCs (extracted from sources)
command: username=a' and 1=2 union select 1,2,if(substring((select user() limit 0,1),1,1)='r',sleep(8),1),4,5,6,7,8,9#&password=asfsafafsafsaf&submit=1&submit=
- The SQLi is triggered via a time-based blind payload in the `username` POST parameter to /hms/user-login.php. A response duration >= 8 seconds combined with HTTP 200 confirms exploitation.
- Content-Type header used in the attack request is application/x-www-form-urlencoded; monitor for anomalous POST bodies to this endpoint containing UNION SELECT or sleep() constructs.
- The vulnerability is exploitable by remote unauthenticated users; no session or authentication token is required, making it trivially scannable.
- The time-based blind SQLi payload uses sleep(8); detection based on response duration may produce false positives/negatives on high-latency or heavily loaded servers. Tune the threshold accordingly.
- The template uses a 30-second timeout per request (@timeout: 30s); ensure scanning infrastructure allows sufficient socket timeout to capture the sleep-based response.
- The flow requires http(1) (fingerprint) to succeed before http(2) (exploit) is attempted (stop-at-first-match); if the login page is renamed or relocated, the chain will not trigger.
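The two signals in the notes above (SQL constructs in the `username` POST field, and an HTTP 200 that takes at least as long as the injected delay) can be checked over request logs as follows. This is an added example, not part of the Nuclei template or of any source quoted on this page; the JSON log format with a captured POST body, the field names (`src`, `method`, `path`, `body`, `status`, `duration_s`) and the sample records are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qs

ENDPOINT = "/hms/user-login.php"
# Constructs named in the detection notes: UNION SELECT and sleep().
SQLI_RE = re.compile(r"union\s+(?:all\s+)?select|sleep\s*\(", re.IGNORECASE)

def classify(rec, delay_threshold=8.0):
    """Return the reasons a logged request matches the notes for this CVE."""
    path = rec["path"].split("?", 1)[0].lower()
    if rec["method"] != "POST" or not path.endswith(ENDPOINT):
        return []
    reasons = []
    # parse_qs URL-decodes form values, so encoded payloads are normalised.
    fields = parse_qs(rec.get("body", ""), keep_blank_values=True)
    if any(SQLI_RE.search(v) for v in fields.get("username", [])):
        reasons.append("sqli-construct-in-username")
    # Timing alone is weak evidence (loaded servers are slow too), so it is
    # reported as a separate reason and the threshold is tunable.
    if rec["status"] == 200 and rec["duration_s"] >= delay_threshold:
        reasons.append("slow-200-response")
    return reasons

def scan(lines, delay_threshold=8.0):
    """Classify JSON log lines; return (source, reasons) for each hit."""
    hits = []
    for line in lines:
        rec = json.loads(line)
        reasons = classify(rec, delay_threshold)
        if reasons:
            hits.append((rec["src"], reasons))
    return hits

def _rec(src, path, body, status, duration_s):
    return json.dumps({"src": src, "method": "POST", "path": path,
                       "body": body, "status": status, "duration_s": duration_s})

# Constructed sample records (documentation-range addresses, hypothetical log).
SAMPLE_LOG = [
    _rec("198.51.100.7", ENDPOINT, "username=alice%40example.org&password=x&submit=", 200, 0.21),
    _rec("203.0.113.9", ENDPOINT,
         "username=a%27+and+1%3D2+union+select+1%2C2%2Csleep%288%29%23&password=x&submit=1", 200, 8.4),
    _rec("198.51.100.8", ENDPOINT, "username=bob%40example.org&password=y&submit=", 200, 9.1),
    _rec("203.0.113.9", "/hms/index.php", "q=sleep%281%29", 200, 0.1),
]
```

A request flagged only as `slow-200-response` is the false-positive case the notes warn about; raising `delay_threshold` drops it while the body match still fires.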
CVSS provenance
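| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vulncheck | — | 7.5 | HIGH | — |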
GHSA
ghsa_unreviewed·2022-05-24
CVE-2020-22165 [HIGH] CWE-89 GHSA-5xfj-jprx-5m93: PHPGurukul Hospital Management System in PHP v4
VulnCheck
vulncheck·2020·CVSS 7.5
CVE-2020-22165 [HIGH] phpgurukul hospital_management_system Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected: phpgurukul hospital_management_system
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-13&host_type=src&vulnerability=cve-2020-22165; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src
No detection rules found.
Nuclei
nuclei·CVSS 7.5
CVE-2020-22165 [HIGH] PHPGurukul Hospital Management System 4.0 - SQL Injection
Template:
id: CVE-2020-22165
info:
  name: PHPGurukul Hospital Management System 4.0 - SQL Injection
  author: ritikchaddha
  severity: high
  description: |
    PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information.
  impact: |
    Successful exploitation allows attackers to access sensitive data from the database, potentially leading to data leakage and further compromise of the applicati
No writeups or analysis indexed.