CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25402
https://notcve.org/view.php?id=CVE-2022-25402
23 Feb 2022 — An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. Un problema de control de acceso incorrecto en HMS versión v1.0, permite a atacantes no autenticados leer y modificar todos los archivos PHP • https://github.com/dota-st/Vulnerability/blob/master/HMS/HMS.md •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-18705 – PHPTPoint Hospital Management System 1 SQL Injection
https://notcve.org/view.php?id=CVE-2018-18705
24 Oct 2018 — PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php. PhpTpoint hospital management system sufre de múltiples vulnerabilidades de inyección SQL mediante el parámetro user en index.php asociado a LOGIN.php, o el parámetro rno en ALIST.php, DUNDEL.php, PDEL.php o PUNDEL.php. PHPTPoint Hospital Management System version 1 suffers from remote SQL ... • https://packetstorm.news/files/id/149942 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •