cvebase

Hospital Management System Project Hospital Management System vulnerabilities

38 known vulnerabilities affecting hospital_management_system_project/hospital_management_system.

Total CVEs: 38
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 24, HIGH 6, MEDIUM 8

Vulnerabilities

Page 2 of 2
CVE-2022-25492 | P3 | CRITICAL | CVSS 9.8 | v1.0 | 2022-03-15
CWE-89: HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.
nvd
CVE-2022-25403 | P3 | CRITICAL | CVSS 9.8 | v1.0 | 2022-02-24
CWE-89: HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.
nvd
CVE-2022-26546 | P3 | CRITICAL | CVSS 9.1 | v1.0 | 2022-03-31
CWE-862: Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.
nvd
CVE-2022-28929 | P3 | CRITICAL | CVSS 9.8 | v1.0 | 2022-05-15
CWE-89: Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.
nvd
CVE-2022-46093 | P3 | HIGH | CVSS 8.2 | v1.0 | 2023-01-13
CWE-89: Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password.
nvd
CVE-2022-32095 | P3 | CRITICAL | CVSS 9.8 | v1.0 | 2022-07-01
CWE-89: Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.
nvd
CVE-2022-32093 | P3 | CRITICAL | CVSS 9.8 | v1.0 | 2022-07-01
CWE-89: Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.
nvd
CVE-2022-30516 | P3 | CRITICAL | CVSS 9.8 | v1.0 | 2022-05-26
CWE-89: In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.
nvd
CVE-2022-27420 | P3 | CRITICAL | CVSS 9.8 | v1.0 | 2022-05-04
CWE-89: Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
nvd
CVE-2022-25491 | P3 | HIGH | CVSS 7.5 | v1.0 | 2022-03-15
CWE-89: HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.
nvd
CVE-2024-11676 | P4 | MEDIUM | CVSS 5.4 | v1.0 | 2024-11-26
CWE-79: A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/
nvd
CVE-2024-11678 | P4 | MEDIUM | CVSS 5.4 | v1.0 | 2024-11-26
CWE-79: A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting
nvd
CVE-2024-11677 | P4 | MEDIUM | CVSS 5.4 | v1.0 | 2024-11-26
CWE-79: A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument v_name/v_adr/v_number/v_email/v_phone/v_desc leads to cross site scripting. It is poss
nvd
CVE-2022-25493 | P4 | MEDIUM | CVSS 6.1 | v1.0 | 2022-03-15
CWE-79: HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.
nvd
CVE-2023-34651 | P4 | MEDIUM | CVSS 6.1 | v1.0 | 2023-06-28
CWE-79: PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
nvd
CVE-2022-25408 | P4 | MEDIUM | CVSS 5.4 | v1.0 | 2022-02-28
CWE-79: Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php.
nvd
CVE-2022-25407 | P4 | MEDIUM | CVSS 5.4 | v1.0 | 2022-02-28
CWE-79: Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php.
nvd
CVE-2022-25409 | P4 | MEDIUM | CVSS 5.4 | v1.0 | 2022-02-28
CWE-79: Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php.
nvd