Vulnerabilities > Phpgurukul > Hospital Management System > 4.0

DATE CVE VULNERABILITY TITLE RISK
2024-10-09 CVE-2024-46237 Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php.
network
low complexity
phpgurukul CWE-79
5.4
5.4
2024-01-10 CVE-2020-26627 SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab.
network
low complexity
phpgurukul CWE-89
4.9
4.9
2024-01-10 CVE-2020-26628 Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0
A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile.
network
low complexity
phpgurukul CWE-79
6.1
6.1
2024-01-10 CVE-2020-26629 Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul Hospital Management System 4.0
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.
network
low complexity
phpgurukul CWE-434
critical
 9.8
9.8
2024-01-10 CVE-2020-26630 SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin.
network
low complexity
phpgurukul CWE-89
4.9
4.9
2023-05-11 CVE-2023-31498 Session Fixation vulnerability in PHPgurukul Hospital Management System 4.0
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.
network
low complexity
phpgurukul CWE-384
critical
 9.8
9.8
2022-10-28 CVE-2021-35387 SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.
network
low complexity
phpgurukul CWE-89
8.8
8.8
2022-10-28 CVE-2021-35388 Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0
Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.
network
low complexity
phpgurukul CWE-79
5.4
5.4
2022-10-21 CVE-2022-42205 Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.
network
low complexity
phpgurukul CWE-79
5.4
5.4
2022-10-21 CVE-2022-42206 Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.
network
low complexity
phpgurukul CWE-79
5.4
5.4