CVE-2020-22175
https://notcve.org/view.php?id=CVE-2020-22175
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information. • https://github.com/itodaro/PHPGurukul_Hospital_Management_System4.0_cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35745
https://notcve.org/view.php?id=CVE-2020-35745
PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, and patients, change the admin password, get appointment history, and access all session logs. • https://medium.com/%40ashketchum/privilege-escalation-unauthenticated-access-to-admin-portal-cve-2020-35745-bb5d5dca97a0 https://www.phpgurukul.com/hospital-management-system-in-php https://www.youtube.com/watch?v=vnSsg6iwV9Y&feature=youtu.be&ab_channel=ashketchum • CWE-862: Missing Authorization
CVE-2020-25271
https://notcve.org/view.php?id=CVE-2020-25271
PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php. • https://github.com/Ko-kn3t/CVE-2020-25271 https://phpgurukul.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5193 – Hospital Management System 4.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-5193
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter. Hospital Management System version 4.0 suffers from multiple reflective cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/155929/Hospital-Management-System-4.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5191 – Hospital Management System 4.0 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-5191
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities. • https://www.exploit-db.com/exploits/47841 https://phpgurukul.com/hospital-management-system-in-php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')