CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0267 – Kashipara Hospital Management System Parameter login.php sql injection
https://notcve.org/view.php?id=CVE-2024-0267
A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%201.pdf https://vuldb.com/?ctiid.249823 https://vuldb.com/?id.249823 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-7173 – PHPGurukul Hospital Management System registration.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-7173
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sharathc213/CVE-2023-7173 https://drive.google.com/file/d/1Mqs0mmxxmKLrFLHekPke5bZnzMHvnrFm/view?usp=sharing https://vuldb.com/?ctiid.249357 https://vuldb.com/?id.249357 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-7172 – PHPGurukul Hospital Management System Admin Dashboard sql injection
https://notcve.org/view.php?id=CVE-2023-7172
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sharathc213/CVE-2023-7172 https://drive.google.com/file/d/11DHRUjvOF0yV24I4JlZ0X1RE4V-mcood/view?usp=sharing https://vuldb.com/?ctiid.249356 https://vuldb.com/?id.249356 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26627 – Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
https://notcve.org/view.php?id=CVE-2020-26627
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab. Se descubrió una vulnerabilidad de inyección SQL basada en tiempo en Hospital Management System V4.0 que puede permitir a un atacante volcar información de la base de datos a través de un payload manipulado ingresado en el parámetro 'Observación del administrador' en la pestaña 'Consultas de contacto -> Consulta no leída'. Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities. • https://packetstormsecurity.com/files/176302/Hospital-Management-System-4.0-XSS-Shell-Upload-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26628 – Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
https://notcve.org/view.php?id=CVE-2020-26628
A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile. Se descubrió una vulnerabilidad de Cross-Site Scripting (XSS) en Hospital Management System V4.0 que permite a un atacante ejecutar scripts web arbitrarios o código HTML a través de un payload malicioso adjuntdo a un nombre de usuario en la página "Editar perfil" y se activa cuando otro usuario visita el perfil. Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities. • https://packetstormsecurity.com/files/176302/Hospital-Management-System-4.0-XSS-Shell-Upload-SQL-Injection.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •