Phpgurukul Hospital Management System vulnerabilities

69 known vulnerabilities affecting phpgurukul/hospital_management_system.

Total CVEs: 69
CISA KEV: 0
Public exploits: 5
Exploited in wild: 0
Severity breakdown: CRITICAL 11, HIGH 22, MEDIUM 35, LOW 1

Vulnerabilities

Page 4 of 4
CVE-2020-22165 | HIGH | CVSS 7.5 | PoC | v4.0 | 2021-06-22
CWE-89: PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
nvd
CVE-2020-22168 | HIGH | CVSS 7.5 | v4.0 | 2021-06-22
CWE-89: PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
nvd
CVE-2020-22172 | HIGH | CVSS 7.5 | v4.0 | 2021-06-22
CWE-89: PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
nvd
CVE-2020-22167 | MEDIUM | CVSS 5.4 | v4.0 | 2021-06-22
CWE-79: PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.
nvd
CVE-2020-35745 | HIGH | CVSS 8.8 | v4.0 | 2021-01-07
CWE-862: PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.
nvd
CVE-2020-25271 | MEDIUM | CVSS 5.4 | v4.0 | 2020-10-08
CWE-79: PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.
nvd
CVE-2020-5193 | MEDIUM | CVSS 6.1 | v4.0 | 2020-01-14
CWE-79: PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.
nvd
CVE-2020-5192 | HIGH | CVSS 8.8 | PoC | v4.0 | 2020-01-06
CWE-89: PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.
nvd
CVE-2020-5191 | MEDIUM | CVSS 6.1 | PoC | v4.0 | 2020-01-06
CWE-79: PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
nvd