CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34651
https://notcve.org/view.php?id=CVE-2023-34651
PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). • https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34651 https://phpgurukul.com/hospital-management-system-in-php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-48120
https://notcve.org/view.php?id=CVE-2022-48120
SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php. Vulnerabilidad de inyección SQL en kishan0725 Hospital Management System a través de la confirmación 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (el 13 de marzo de 2021), permite a los atacantes ejecutar comandos arbitrarios a través de los parámetros de contacto y médico en /search.php. • https://github.com/kishan0725/Hospital-Management-System/issues/32 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46093
https://notcve.org/view.php?id=CVE-2022-46093
Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password. • https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/Hospital-Management-System/Hospital-Management-System.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2022-38637
https://notcve.org/view.php?id=CVE-2022-38637
Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. Se ha detectado que Hospital Management System versión v1.0, contiene múltiples vulnerabilidades de inyección SQL por medio de los parámetros Username y Password en la página de inicio de sesión • https://owasp.org/www-community/attacks/SQL_Injection https://www.youtube.com/watch?v=m8nW0p69UHU • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 1CVE-2022-34590
https://notcve.org/view.php?id=CVE-2022-34590
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php. Se ha detectado que Hospital Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro editid en el archivo /HMS/admin.php • https://github.com/Renrao/bug_report/blob/master/blob/main/vendors/itsourcecode.com/hospital-management-system/sql_injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •