Hospital Management System Project Hospital Management System vulnerabilities

38 known vulnerabilities affecting hospital_management_system_project/hospital_management_system.

Total CVEs: 38
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 24, HIGH 5, MEDIUM 9

Vulnerabilities

Page 2 of 2
CVE-2022-30012 | HIGH | CVSS 7.5 | v1.0 | 2022-05-16
CWE-89: In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.
nvd
CVE-2022-28929 | CRITICAL | CVSS 9.8 | v1.0 | 2022-05-15
CWE-89: Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.
nvd
CVE-2022-30449 | CRITICAL | CVSS 9.8 | v1.0 | 2022-05-11
CWE-89: Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php.
nvd
CVE-2022-30448 | CRITICAL | CVSS 9.8 | v1.0 | 2022-05-11
CWE-434: Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php.
nvd
CVE-2022-27420 | CRITICAL | CVSS 9.8 | v1.0 | 2022-05-04
CWE-89: Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
nvd
CVE-2022-27413 | CRITICAL | CVSS 9.8 | v1.0 | 2022-05-03
CWE-89: Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.
nvd
CVE-2022-27299 | CRITICAL | CVSS 9.8 | v1.0 | 2022-04-26
CWE-89: Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.
nvd
CVE-2022-24136 | CRITICAL | CVSS 9.8 | v1.0 | 2022-03-31
CWE-434: Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.
nvd
CVE-2022-26546 | CRITICAL | CVSS 9.1 | v1.0 | 2022-03-31
CWE-862: Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.
nvd
CVE-2022-25490 | CRITICAL | CVSS 9.8 | v1.0 | 2022-03-15
CWE-89: HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.
nvd
CVE-2022-25492 | CRITICAL | CVSS 9.8 | v1.0 | 2022-03-15
CWE-89: HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.
nvd
CVE-2022-25491 | HIGH | CVSS 7.5 | v1.0 | 2022-03-15
CWE-89: HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.
nvd
CVE-2022-25493 | MEDIUM | CVSS 6.1 | v1.0 | 2022-03-15
CWE-79: HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.
nvd
CVE-2022-25408 | MEDIUM | CVSS 5.4 | v1.0 | 2022-02-28
CWE-79: Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php.
nvd
CVE-2022-25407 | MEDIUM | CVSS 5.4 | v1.0 | 2022-02-28
CWE-79: Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php.
nvd
CVE-2022-25409 | MEDIUM | CVSS 5.4 | v1.0 | 2022-02-28
CWE-79: Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php.
nvd
CVE-2022-25402 | CRITICAL | CVSS 9.1 | v1.0 | 2022-02-24
An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files.
nvd
CVE-2022-25403 | CRITICAL | CVSS 9.8 | v1.0 | 2022-02-24
CWE-89: HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.
nvd