Vulnerabilities > Hospital Management System Project

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-11	CVE-2023-31498	Session Fixation vulnerability in Hospital Management System Project Hospital Management System 4.0 A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter. network low complexity hospital-management-system-project CWE-384 critical	9.8
2023-01-20	CVE-2022-48120	SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0/4.0 SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php. network low complexity hospital-management-system-project CWE-89 critical	9.8
2023-01-13	CVE-2022-46093	SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 Hospital Management System v1.0 is vulnerable to SQL Injection. network low complexity hospital-management-system-project CWE-89	8.2
2022-10-28	CVE-2021-35387	SQL Injection vulnerability in Hospital Management System Project Hospital Management System 4.0 Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. network low complexity hospital-management-system-project CWE-89	8.8
2022-10-28	CVE-2021-35388	Cross-site Scripting vulnerability in Hospital Management System Project Hospital Management System 4.0 Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. network low complexity hospital-management-system-project CWE-79	5.4
2022-10-21	CVE-2022-42205	Cross-site Scripting vulnerability in Hospital Management System Project Hospital Management System 4.0 PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php. network low complexity hospital-management-system-project CWE-79	5.4
2022-10-21	CVE-2022-42206	Cross-site Scripting vulnerability in Hospital Management System Project Hospital Management System 4.0 PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. network low complexity hospital-management-system-project CWE-79	5.4
2022-07-01	CVE-2022-32093	SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. network low complexity hospital-management-system-project CWE-89	7.5
2022-07-01	CVE-2022-32094	SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. network low complexity hospital-management-system-project CWE-89	7.5
2022-07-01	CVE-2022-32095	SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. network low complexity hospital-management-system-project CWE-89	7.5