CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3810 – Hospital Management System patientappointment.php sql injection
https://notcve.org/view.php?id=CVE-2023-3810
A vulnerability was found in Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file patientappointment.php. The manipulation of the argument loginid/password/mobileno/appointmentdate/appointmenttime/patiente/dob/doct/city leads to sql injection. The attack can be initiated remotely. • https://github.com/GZRsecurity/Cve-System/blob/main/Hospital%20Management%20System%20patientappointment.php%20has%20Sqlinjection.pdf https://vuldb.com/?ctiid.235078 https://vuldb.com/?id.235078 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3809 – Hospital Management System patient.php sql injection
https://notcve.org/view.php?id=CVE-2023-3809
A vulnerability was found in Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file patient.php. The manipulation of the argument address leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/GZRsecurity/Cve-System/blob/main/Hospital%20Management%20System%20patient.php%20has%20Sqlinjection.pdf https://vuldb.com/?ctiid.235077 https://vuldb.com/?id.235077 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3808 – Hospital Management System patientforgotpassword.php sql injection
https://notcve.org/view.php?id=CVE-2023-3808
A vulnerability was found in Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file patientforgotpassword.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/GZRsecurity/Cve-System/blob/main/Hospital%20Management%20System%20patientforgotpassword.php%20has%20Sqlinjection.pdf https://vuldb.com/?ctiid.235076 https://vuldb.com/?id.235076 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34651
https://notcve.org/view.php?id=CVE-2023-34651
PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). • https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34651 https://phpgurukul.com/hospital-management-system-in-php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-48120
https://notcve.org/view.php?id=CVE-2022-48120
SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php. Vulnerabilidad de inyección SQL en kishan0725 Hospital Management System a través de la confirmación 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (el 13 de marzo de 2021), permite a los atacantes ejecutar comandos arbitrarios a través de los parámetros de contacto y médico en /search.php. • https://github.com/kishan0725/Hospital-Management-System/issues/32 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •