Phpgurukul Hospital Management System vulnerabilities

CVE-2023-7172 [HIGH] CWE-89 CVE-2023-7172: A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of

CVE-2023-7173 [MEDIUM] CWE-79 CVE-2023-7173: A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management Sy A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2023-31498 [CRITICAL] CWE-384 CVE-2023-31498: A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a r A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.

CVE-2021-35387 [HIGH] CWE-89 CVE-2021-35387: Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-pat Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.

CVE-2021-35388 [MEDIUM] CWE-79 CVE-2021-35388: Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.

CVE-2022-42206 [MEDIUM] CWE-79 CVE-2022-42206: PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via d PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.

CVE-2022-42205 [MEDIUM] CWE-79 CVE-2022-42205: PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via a PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.

CVE-2022-24226 [HIGH] CWE-89 CVE-2022-24226: Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via th Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.

CVE-2022-24646 [HIGH] CWE-89 CVE-2022-24646: Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters.

CVE-2022-24263 [CRITICAL] CWE-89 CVE-2022-24263: Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.

CVE-2021-39411 [MEDIUM] CWE-79 CVE-2021-39411: Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4 Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.

CVE-2020-22171 [HIGH] CWE-89 CVE-2020-22171: PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registra PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVE-2020-22175 [HIGH] CWE-89 CVE-2020-22175: PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\be PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVE-2020-22169 [HIGH] CWE-89 CVE-2020-22169: PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointm PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVE-2020-22170 [HIGH] CWE-89 CVE-2020-22170: PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doct PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVE-2020-22174 [HIGH] CWE-89 CVE-2020-22174: PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-app PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVE-2020-22173 [HIGH] CWE-89 CVE-2020-22173: PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-pro PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVE-2020-22166 [HIGH] CWE-89 CVE-2020-22166: PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-p PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVE-2020-22176 [HIGH] CWE-287 CVE-2020-22176: PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerabili PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.

CVE-2020-22164 [HIGH] CWE-89 CVE-2020-22164: PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_av PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.