CVE-2020-22165
published 2021-06-22

Priority: P2 · 74 · high
CVSS 3.1: 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 6.35% (92.8th percentile)

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information.

Affected

1 range
Vendor | Product | Version range | Fixed in
phpgurukul | hospital_management_system | |

Detection & IOCs (extracted from sources)

path: /hms/user-login.php
command: username=a' and 1=2 union select 1,2,if(substring((select user() limit 0,1),1,1)='r',sleep(8),1),4,5,6,7,8,9#&password=asfsafafsafsaf&submit=1&submit=
  • The SQLi is triggered via a time-based blind payload in the `username` POST parameter to /hms/user-login.php. A response duration >= 8 seconds combined with HTTP 200 confirms exploitation.
  • Content-Type header used in the attack request is application/x-www-form-urlencoded; monitor for anomalous POST bodies to this endpoint containing UNION SELECT or sleep() constructs.
  • The vulnerability is exploitable by remote unauthenticated users; no session or authentication token is required, making it trivially scannable.
  • The time-based blind SQLi payload uses sleep(8); detection based on response duration may produce false positives/negatives on high-latency or heavily loaded servers. Tune the threshold accordingly.
  • The template uses a 30-second timeout per request (@timeout: 30s); ensure scanning infrastructure allows sufficient socket timeout to capture the sleep-based response.
  • The flow requires http(1) (fingerprint) to succeed before http(2) (exploit) is attempted (stop-at-first-match); if the login page is renamed or relocated, the chain will not trigger.
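
The detection notes above, turned into a log classifier. This is an added example, not part of the advisory or of any vendor rule; the record layout (method, path, status, duration_s, body), the finding names and the severity tiers are assumptions, and the sample records are constructed.

```python
import re
from urllib.parse import parse_qs, quote_plus

ENDPOINT = "/hms/user-login.php"   # path named in the advisory
SLEEP_SECONDS = 8.0                # sleep(8) in the published payload; tune per environment
# Constructs the notes above say to monitor for in the POST body.
SQLI_RE = re.compile(r"union\s+(?:all\s+)?select|sleep\s*\(", re.IGNORECASE)
COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)

def classify(record):
    """Return the set of findings for one request record (dict layout is assumed)."""
    findings = set()
    path = record["path"].split("?", 1)[0].lower()
    if record["method"] != "POST" or not path.endswith(ENDPOINT):
        return findings
    # parse_qs percent-decodes and maps '+' to space, so encoded bodies match too.
    for value in parse_qs(record["body"]).get("username", []):
        # Inline SQL comments are a common whitespace substitute; normalise them.
        if SQLI_RE.search(COMMENT_RE.sub(" ", value)):
            findings.add("sqli-pattern")
    if record["status"] == 200 and record["duration_s"] >= SLEEP_SECONDS:
        findings.add("slow-200")
    return findings

def severity(findings):
    if findings == {"sqli-pattern", "slow-200"}:
        return "high"    # pattern plus delay: the confirmation criteria above
    if "sqli-pattern" in findings:
        return "medium"  # attempt seen, no delay observed
    if "slow-200" in findings:
        return "low"     # delay alone may just be server load
    return "none"

# Constructed sample records, not taken from real traffic.
SAMPLE = [
    {"method": "POST", "path": ENDPOINT, "status": 200, "duration_s": 0.2,
     "body": "username=alice%40example.org&password=x&submit="},
    {"method": "POST", "path": ENDPOINT, "status": 200, "duration_s": 8.3,
     "body": "username=" + quote_plus("a' and 1=2 union select 1,2,sleep(8),4#")
             + "&password=x&submit=1"},
    {"method": "POST", "path": ENDPOINT, "status": 200, "duration_s": 9.1,
     "body": "username=bob&password=x&submit="},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(severity(classify(rec)), rec["duration_s"], rec["body"][:40])
```

A slow response on its own is rated low because, as noted above, duration-based detection is unreliable on loaded or high-latency servers.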

CVSS provenance

nvd v3.1: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
nvd v2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)
vulncheck: 7.5 HIGH