CVE-2020-26629 – Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
https://notcve.org/view.php?id=CVE-2020-26629
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. Se descubrió una vulnerabilidad de carga arbitraria de archivos sin restricciones de JQuery en Hospital Management System V4.0 que permite a un atacante no autenticado cargar cualquier archivo en el servidor. Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities. • https://packetstormsecurity.com/files/176302/Hospital-Management-System-4.0-XSS-Shell-Upload-SQL-Injection.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-31498
https://notcve.org/view.php?id=CVE-2023-31498
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter. • https://gist.github.com/captain-noob/aff11542477ddd0a92ad8b94ec75f832 https://github.com/captain-noob https://twitter.com/captain__noob • CWE-384: Session Fixation •
CVE-2022-48120
https://notcve.org/view.php?id=CVE-2022-48120
SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php. Vulnerabilidad de inyección SQL en kishan0725 Hospital Management System a través de la confirmación 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (el 13 de marzo de 2021), permite a los atacantes ejecutar comandos arbitrarios a través de los parámetros de contacto y médico en /search.php. • https://github.com/kishan0725/Hospital-Management-System/issues/32 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-35387
https://notcve.org/view.php?id=CVE-2021-35387
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. Hospital Management System v 4.0 es vulnerable a la inyección SQL a través del archivo: hospital/hms/admin/view-patient.php. • https://github.com/BigTiger2020/Hospital-Management-System/blob/main/Hospital%20Management%20System.md https://phpgurukul.com/hospital-management-system-in-php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-35388
https://notcve.org/view.php?id=CVE-2021-35388
Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. Hospital Management System v 4.0 es vulnerable a Cross Site Scripting (XSS) a través de /hospital/hms/admin/patient-search.php. • https://github.com/BigTiger2020/Hospital-Management-System/blob/main/xss.md https://phpgurukul.com/hospital-management-system-in-php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •