CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2020-26629 – Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
https://notcve.org/view.php?id=CVE-2020-26629
22 Dec 2023 — A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. Se descubrió una vulnerabilidad de carga arbitraria de archivos sin restricciones de JQuery en Hospital Management System V4.0 que permite a un atacante no autenticado cargar cualquier archivo en el servidor. Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL ... • https://packetstorm.news/files/id/176302 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-26630 – Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
https://notcve.org/view.php?id=CVE-2020-26630
22 Dec 2023 — A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin. Se descubrió una vulnerabilidad de inyección SQL basada en tiempo en Hospital Management System V4.0 que puede permitir a un atacante volcar información de la base de datos a través de un payload especial en el campo "Especialización de médicos"... • https://packetstorm.news/files/id/176302 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 1CVE-2023-31498
https://notcve.org/view.php?id=CVE-2023-31498
11 May 2023 — A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter. • https://gist.github.com/captain-noob/aff11542477ddd0a92ad8b94ec75f832 • CWE-384: Session Fixation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-35387
https://notcve.org/view.php?id=CVE-2021-35387
28 Oct 2022 — Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. Hospital Management System v 4.0 es vulnerable a la inyección SQL a través del archivo: hospital/hms/admin/view-patient.php. • https://github.com/BigTiger2020/Hospital-Management-System/blob/main/Hospital%20Management%20System.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-35388
https://notcve.org/view.php?id=CVE-2021-35388
28 Oct 2022 — Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. Hospital Management System v 4.0 es vulnerable a Cross Site Scripting (XSS) a través de /hospital/hms/admin/patient-search.php. • https://github.com/BigTiger2020/Hospital-Management-System/blob/main/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42205
https://notcve.org/view.php?id=CVE-2022-42205
21 Oct 2022 — PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php. PHPGurukul Hospital Management System In PHP versión V4.0, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio del archivo add-patient.php • https://sisl.lab.uic.edu/projects/chess/cross-site-scripting-in-hms2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42206
https://notcve.org/view.php?id=CVE-2022-42206
21 Oct 2022 — PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. PHPGurukul Hospital Management System In PHP versión V4.0, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio de los archivos doctor/view-patient.php, admin/view-patient.php, y view-medhistory.php • https://sisl.lab.uic.edu/projects/chess/cross-site-scripting-in-hms3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-24226
https://notcve.org/view.php?id=CVE-2022-24226
15 Feb 2022 — Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. Se ha detectado que Hospital Management System versión v4.0, contiene una vulnerabilidad de inyección SQL ciega por medio de la función register en el archivo func2.php • https://github.com/Nguyen-Trung-Kien/CVE • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2022-24646
https://notcve.org/view.php?id=CVE-2022-24646
10 Feb 2022 — Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters. Se ha detectado que Hospital Management System versión v4.0, contiene una vulnerabilidad de inyección SQL en el archivo /Hospital-Management-System-master/contact.php por medio de los parámetros txtMsg • https://github.com/kishan0725/Hospital-Management-System/issues/18 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 6CVE-2022-24263 – Hospital Management System 4.0 - 'multiple' SQL Injection
https://notcve.org/view.php?id=CVE-2022-24263
31 Jan 2022 — Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. Se ha detectado que Hospital Management System versión v4.0, contiene una vulnerabilidad de inyección SQL en el componente /Hospital-Management-System-master/func.php por medio del parámetro email Hospital Management System version 4.0 suffers from multiple remote SQL injection vulnerabilities. Original discovered of SQL injection in this version is ... • https://packetstorm.news/files/id/165882 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •