CVE-2021-35387
https://notcve.org/view.php?id=CVE-2021-35387
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. Hospital Management System v 4.0 es vulnerable a la inyección SQL a través del archivo: hospital/hms/admin/view-patient.php. • https://github.com/BigTiger2020/Hospital-Management-System/blob/main/Hospital%20Management%20System.md https://phpgurukul.com/hospital-management-system-in-php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-35388
https://notcve.org/view.php?id=CVE-2021-35388
Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. Hospital Management System v 4.0 es vulnerable a Cross Site Scripting (XSS) a través de /hospital/hms/admin/patient-search.php. • https://github.com/BigTiger2020/Hospital-Management-System/blob/main/xss.md https://phpgurukul.com/hospital-management-system-in-php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-42205
https://notcve.org/view.php?id=CVE-2022-42205
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php. PHPGurukul Hospital Management System In PHP versión V4.0, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio del archivo add-patient.php • https://sisl.lab.uic.edu/projects/chess/cross-site-scripting-in-hms2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-42206
https://notcve.org/view.php?id=CVE-2022-42206
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. PHPGurukul Hospital Management System In PHP versión V4.0, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio de los archivos doctor/view-patient.php, admin/view-patient.php, y view-medhistory.php • https://sisl.lab.uic.edu/projects/chess/cross-site-scripting-in-hms3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-24226
https://notcve.org/view.php?id=CVE-2022-24226
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. Se ha detectado que Hospital Management System versión v4.0, contiene una vulnerabilidad de inyección SQL ciega por medio de la función register en el archivo func2.php • https://github.com/Nguyen-Trung-Kien/CVE https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24226/CVE-2022-24226.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •