CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10807 – PHPGurukul Hospital Management System search.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10807
05 Nov 2024 — A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. • https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(search.php).md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10806 – PHPGurukul Hospital Management System betweendates-detailsreports.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10806
05 Nov 2024 — A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be initiated remotely. • https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(betweendates-detailsreports.php).md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-26627 – Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
https://notcve.org/view.php?id=CVE-2020-26627
22 Dec 2023 — A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab. Se descubrió una vulnerabilidad de inyección SQL basada en tiempo en Hospital Management System V4.0 que puede permitir a un atacante volcar información de la base de datos a través de un payload manipulado ingresado en el parámetro 'Observación de... • https://packetstorm.news/files/id/176302 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2020-26628 – Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
https://notcve.org/view.php?id=CVE-2020-26628
22 Dec 2023 — A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile. Se descubrió una vulnerabilidad de Cross-Site Scripting (XSS) en Hospital Management System V4.0 que permite a un atacante ejecutar scripts web arbitrarios o código HTML a través de un payload malicioso adjuntdo a un nombr... • https://packetstorm.news/files/id/176302 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2020-26629 – Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
https://notcve.org/view.php?id=CVE-2020-26629
22 Dec 2023 — A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. Se descubrió una vulnerabilidad de carga arbitraria de archivos sin restricciones de JQuery en Hospital Management System V4.0 que permite a un atacante no autenticado cargar cualquier archivo en el servidor. Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL ... • https://packetstorm.news/files/id/176302 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-26630 – Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
https://notcve.org/view.php?id=CVE-2020-26630
22 Dec 2023 — A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin. Se descubrió una vulnerabilidad de inyección SQL basada en tiempo en Hospital Management System V4.0 que puede permitir a un atacante volcar información de la base de datos a través de un payload especial en el campo "Especialización de médicos"... • https://packetstorm.news/files/id/176302 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 1CVE-2023-31498
https://notcve.org/view.php?id=CVE-2023-31498
11 May 2023 — A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter. • https://gist.github.com/captain-noob/aff11542477ddd0a92ad8b94ec75f832 • CWE-384: Session Fixation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-48120
https://notcve.org/view.php?id=CVE-2022-48120
20 Jan 2023 — SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php. Vulnerabilidad de inyección SQL en kishan0725 Hospital Management System a través de la confirmación 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (el 13 de marzo de 2021), permite a los atacantes ejecutar comandos arbitrarios a través de los parámetros de contacto y médic... • https://github.com/kishan0725/Hospital-Management-System/issues/32 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-35387
https://notcve.org/view.php?id=CVE-2021-35387
28 Oct 2022 — Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. Hospital Management System v 4.0 es vulnerable a la inyección SQL a través del archivo: hospital/hms/admin/view-patient.php. • https://github.com/BigTiger2020/Hospital-Management-System/blob/main/Hospital%20Management%20System.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-35388
https://notcve.org/view.php?id=CVE-2021-35388
28 Oct 2022 — Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. Hospital Management System v 4.0 es vulnerable a Cross Site Scripting (XSS) a través de /hospital/hms/admin/patient-search.php. • https://github.com/BigTiger2020/Hospital-Management-System/blob/main/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •