Hospital Management System

hospital_management_system

Vendor: Kishan0725 • 14 CVEs

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-63514 1Kishan0725 1Hospital Management System Nov 20, 2025 Nov 18, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email parameter.
CVE-2025-63513 1Kishan0725 1Hospital Management System Nov 20, 2025 Nov 18, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functionality.
CVE-2025-63512 1Kishan0725 1Hospital Management System Nov 20, 2025 Nov 18, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor logic. The application fails to properly sanitize or parameterize user-supplied input from...Show more kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor logic. The application fails to properly sanitize or parameterize user-supplied input from the demail parameter before incorporating it directly into a dynamic SQL query.Show less
CVE-2023-41532 1Kishan0725 1Hospital Management System Aug 11, 2025 Aug 7, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php.
CVE-2023-41531 1Kishan0725 1Hospital Management System Aug 11, 2025 Aug 7, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters.
CVE-2023-41530 1Kishan0725 1Hospital Management System Aug 11, 2025 Aug 7, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
CVE-2023-41529 1Kishan0725 1Hospital Management System Aug 11, 2025 Aug 7, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters.
CVE-2023-41528 1Kishan0725 1Hospital Management System Aug 11, 2025 Aug 7, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.
CVE-2023-41527 1Kishan0725 1Hospital Management System Aug 11, 2025 Aug 7, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.
CVE-2023-41526 1Kishan0725 1Hospital Management System Aug 11, 2025 Aug 7, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.
CVE-2023-41525 1Kishan0725 1Hospital Management System Aug 11, 2025 Aug 7, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
CVE-2023-40992 1Kishan0725 1Hospital Management System Aug 11, 2025 Aug 7, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter.
CVE-2023-43958 1Kishan0725 1Hospital Management System May 14, 2025 Apr 22, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrar...Show more An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code.Show less
CVE-2024-45983 1Kishan0725 1Hospital Management System May 16, 2025 Sep 26, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to delete a do...Show more A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an authenticated admin user to visit the specially crafted web page, the attacker can leverage the victim's browser to make unauthorized requests to the vulnerable endpoint, effectively allowing the attacker to perform actions on behalf of the admin without their consent.Show less