CVE-2022-25003
https://notcve.org/view.php?id=CVE-2022-25003
Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php.
• https://github.com/09-by-ly/HPRMS-SQL_injection/blob/gh-pages/SQL%20injection.md
• https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-25003
• https://www.nu11secur1ty.com/2022/03/cve-2022-25003.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-25402
https://notcve.org/view.php?id=CVE-2022-25402
An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files.
• https://github.com/dota-st/Vulnerability/blob/master/HMS/HMS.md
CVE-2022-25403
https://notcve.org/view.php?id=CVE-2022-25403
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.
• https://github.com/dota-st/Vulnerability/blob/master/HMS/HMS.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-22853
https://notcve.org/view.php?id=CVE-2022-22853
A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Name field.
• https://github.com/Dheeraj-Deshmukh/stored-xss-in-Hospital-s-Patient-Records-Management-System
• https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html
• https://www.sourcecodester.com/sites/default/files/download/oretnom23/hprms_0.zip
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-22854
https://notcve.org/view.php?id=CVE-2022-22854
An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list.
• https://github.com/Dheeraj-Deshmukh/Hospital-s-patient-management-system
• CWE-862: Missing Authorization