Vulnerabilities > Hospital Management System Project > Hospital Management System > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2021-44095 SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0
A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database.
network
low complexity
hospital-management-system-project CWE-89
critical
 9.8
9.8
2022-05-26 CVE-2022-30516 SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0
In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.
network
low complexity
hospital-management-system-project CWE-89
critical
 9.8
9.8
2022-05-16 CVE-2022-30011 SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0
In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.
network
low complexity
hospital-management-system-project CWE-89
critical
 9.8
9.8
2022-05-15 CVE-2022-28929 SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.
network
low complexity
hospital-management-system-project CWE-89
critical
 9.8
9.8
2022-05-11 CVE-2022-30449 SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0
Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php.
network
low complexity
hospital-management-system-project CWE-89
critical
 9.8
9.8
2022-05-11 CVE-2022-30448 Unrestricted Upload of File with Dangerous Type vulnerability in Hospital Management System Project Hospital Management System 1.0
Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php.
network
low complexity
hospital-management-system-project CWE-434
critical
 9.8
9.8
2022-05-04 CVE-2022-27420 SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
network
low complexity
hospital-management-system-project CWE-89
critical
 9.8
9.8
2022-05-03 CVE-2022-27413 SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.
network
low complexity
hospital-management-system-project CWE-89
critical
 9.8
9.8
2022-04-26 CVE-2022-27299 SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.
network
low complexity
hospital-management-system-project CWE-89
critical
 9.8
9.8
2022-03-31 CVE-2022-26546 Missing Authorization vulnerability in Hospital Management System Project Hospital Management System 1.0
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.
network
low complexity
hospital-management-system-project CWE-862
critical
 9.1
9.1