Vulnerabilities > Phpgurukul > Hospital Management System > 4.0

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-10	CVE-2020-26627	SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab. network low complexity phpgurukul CWE-89	4.9
2024-01-10	CVE-2020-26628	Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile. network low complexity phpgurukul CWE-79	6.1
2024-01-10	CVE-2020-26629	Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul Hospital Management System 4.0 A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. network low complexity phpgurukul CWE-434 critical	9.8
2024-01-10	CVE-2020-26630	SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin. network low complexity phpgurukul CWE-89	4.9
2023-05-11	CVE-2023-31498	Session Fixation vulnerability in PHPgurukul Hospital Management System 4.0 A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter. network low complexity phpgurukul CWE-384 critical	9.8
2022-10-28	CVE-2021-35387	SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. network low complexity phpgurukul CWE-89	8.8
2022-10-28	CVE-2021-35388	Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. network low complexity phpgurukul CWE-79	5.4
2022-10-21	CVE-2022-42205	Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php. network low complexity phpgurukul CWE-79	5.4
2022-10-21	CVE-2022-42206	Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. network low complexity phpgurukul CWE-79	5.4
2022-02-15	CVE-2022-24226	SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. network low complexity phpgurukul CWE-89	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.