Vulnerabilities > Hospital S Patient Records Management System Project > Hospital S Patient Records Management System > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-14 | CVE-2022-32348 | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_doctor. | 6.5 |
| 2022-06-14 | CVE-2022-32349 | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_history. | 6.5 |
| 2022-06-14 | CVE-2022-32350 | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room_type. | 6.5 |
| 2022-06-14 | CVE-2022-32351 | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message. | 6.5 |
| 2022-02-24 | CVE-2022-24232 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 6.8 |
| 2022-02-14 | CVE-2022-22854 | Missing Authorization vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list. | 6.5 |
| 2022-01-26 | CVE-2022-22852 | Cross-site Scripting vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_list. | 4.3 |
| 2022-01-24 | CVE-2022-22296 | Incorrect Default Permissions vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. | 5.0 |