CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-24226
https://notcve.org/view.php?id=CVE-2022-24226
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. Se ha detectado que Hospital Management System versión v4.0, contiene una vulnerabilidad de inyección SQL ciega por medio de la función register en el archivo func2.php • https://github.com/Nguyen-Trung-Kien/CVE https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24226/CVE-2022-24226.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2022-24646
https://notcve.org/view.php?id=CVE-2022-24646
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters. Se ha detectado que Hospital Management System versión v4.0, contiene una vulnerabilidad de inyección SQL en el archivo /Hospital-Management-System-master/contact.php por medio de los parámetros txtMsg • https://github.com/kishan0725/Hospital-Management-System/issues/18 https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-24263 https://www.nu11secur1ty.com/2022/02/cve-2022-24263.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 11%CPEs: 1EXPL: 5CVE-2022-24263 – Hospital Management System 4.0 - 'multiple' SQL Injection
https://notcve.org/view.php?id=CVE-2022-24263
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. Se ha detectado que Hospital Management System versión v4.0, contiene una vulnerabilidad de inyección SQL en el componente /Hospital-Management-System-master/func.php por medio del parámetro email Hospital Management System version 4.0 suffers from multiple remote SQL injection vulnerabilities. Original discovered of SQL injection in this version is attributed to Metin Yunus Kandemir in January of 2020. • https://www.exploit-db.com/exploits/50718 http://packetstormsecurity.com/files/165882/Hospital-Management-System-4.0-SQL-Injection.html https://github.com/kishan0725/Hospital-Management-System/issues/17 https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-24263 https://github.com/truonghuuphuc/CVE https://www.nu11secur1ty.com/2022/02/cve-2022-24263.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39411
https://notcve.org/view.php?id=CVE-2021-39411
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php. Se presentan múltiples vulnerabilidades de tipo Cross Site Scripting (XSS) en PHPGurukul Hospital Management System versión 4.0, por medio del parámetro (1) searchdata en (a) el archivo doctor/search.php y (b) admin/patient-search.php, y los parámetros (2) fromdate y (3) todate en el archivo admin/betweendates-detailsreports.php • https://sisl.lab.uic.edu/projects/chess/hmsp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22176
https://notcve.org/view.php?id=CVE-2020-22176
PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information. PHPGurukul Hospital Management System en PHP versión v4.0, presenta una vulnerabilidad de divulgación de información confidencial en múltiples áreas. Los usuarios no autentificados remoto pueden explotar la vulnerabilidad para obtener información confidencial del usuario • https://github.com/itodaro/PHPGurukul_Hospital_Management_System4.0_cve • CWE-287: Improper Authentication CWE-862: Missing Authorization •