CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25403
https://notcve.org/view.php?id=CVE-2022-25403
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. Se ha detectado que HMS versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del componente admin.php • https://github.com/dota-st/Vulnerability/blob/master/HMS/HMS.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25402
https://notcve.org/view.php?id=CVE-2022-25402
An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. Un problema de control de acceso incorrecto en HMS versión v1.0, permite a atacantes no autenticados leer y modificar todos los archivos PHP • https://github.com/dota-st/Vulnerability/blob/master/HMS/HMS.md •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18705 – PHPTPoint Hospital Management System 1 SQL Injection
https://notcve.org/view.php?id=CVE-2018-18705
PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php. PhpTpoint hospital management system sufre de múltiples vulnerabilidades de inyección SQL mediante el parámetro user en index.php asociado a LOGIN.php, o el parámetro rno en ALIST.php, DUNDEL.php, PDEL.php o PUNDEL.php. PHPTPoint Hospital Management System version 1 suffers from remote SQL injection vulnerabilities. • https://packetstormsecurity.com/files/149942/PHPTPoint-Hospital-Management-System-1-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •