Filtered by vendor Hospital Management System Project
Subscribe
Total
43 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30448 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. | |||||
| CVE-2022-30012 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection. | |||||
| CVE-2022-30011 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. | |||||
| CVE-2022-28929 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. | |||||
| CVE-2022-27420 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. | |||||
| CVE-2022-27413 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. | |||||
| CVE-2022-27299 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. | |||||
| CVE-2022-26546 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. | |||||
| CVE-2022-25493 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. | |||||
| CVE-2022-25492 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php. | |||||
| CVE-2022-25491 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php. | |||||
| CVE-2022-25490 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php. | |||||
| CVE-2022-25409 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. | |||||
| CVE-2022-25408 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. | |||||
| CVE-2022-25407 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. | |||||
| CVE-2022-25403 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. | |||||
| CVE-2022-25402 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. | |||||
| CVE-2022-24136 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. | |||||
| CVE-2021-44095 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database. | |||||
| CVE-2021-38757 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. | |||||