Hospital Management System
hospital_management_system
Vendor: Hospital Management System Project • 43 CVEs
CVEs (43)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 May 16, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 May 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 May 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 May 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 May 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 May 4, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 May 3, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 Apr 26, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 Mar 31, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 Mar 31, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 Mar 15, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 Mar 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 Mar 15, 2022 N/A· v4 7.5 HIGH· v3 7.5 HIGH· v2 HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 Mar 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 Feb 28, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 Feb 28, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 Feb 28, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 Feb 24, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 Feb 24, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. |
1Hospital Management System Project 1Hospital Management System Nov 21, 2024 Aug 16, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. |