Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-56212 | 1 Phpgurukul | 1 Hospital Management System | 2025-09-02 | N/A | 9.8 CRITICAL |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter. | |||||
| CVE-2025-56214 | 1 Phpgurukul | 1 Hospital Management System | 2025-09-02 | N/A | 9.8 CRITICAL |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter. | |||||
| CVE-2025-56215 | 1 Phpgurukul | 1 Hospital Management System | 2025-09-02 | N/A | 6.5 MEDIUM |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter. | |||||
| CVE-2025-56216 | 1 Phpgurukul | 1 Hospital Management System | 2025-09-02 | N/A | 8.5 HIGH |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. | |||||
| CVE-2025-7604 | 1 Phpgurukul | 1 Hospital Management System | 2025-07-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7176 | 1 Phpgurukul | 1 Hospital Management System | 2025-07-08 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view-medhistory.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-26628 | 1 Phpgurukul | 1 Hospital Management System | 2025-06-20 | N/A | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile. | |||||
| CVE-2020-26627 | 1 Phpgurukul | 1 Hospital Management System | 2025-06-03 | N/A | 4.9 MEDIUM |
| A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab. | |||||
| CVE-2024-51360 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-29 | N/A | 9.8 CRITICAL |
| An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file | |||||
| CVE-2020-26630 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-22 | N/A | 4.9 MEDIUM |
| A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin. | |||||
| CVE-2020-26629 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-09 | N/A | 9.8 CRITICAL |
| A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. | |||||
| CVE-2022-42206 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-08 | N/A | 5.4 MEDIUM |
| PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. | |||||
| CVE-2022-42205 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-08 | N/A | 5.4 MEDIUM |
| PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php. | |||||
| CVE-2021-35388 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-07 | N/A | 5.4 MEDIUM |
| Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. | |||||
| CVE-2021-35387 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-07 | N/A | 8.8 HIGH |
| Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. | |||||
| CVE-2024-56998 | 1 Phpgurukul | 1 Hospital Management System | 2025-04-09 | N/A | 4.2 MEDIUM |
| PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address. | |||||
| CVE-2024-56997 | 1 Phpgurukul | 1 Hospital Management System | 2025-04-09 | N/A | 4.2 MEDIUM |
| PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter. | |||||
| CVE-2024-56990 | 1 Phpgurukul | 1 Hospital Management System | 2025-04-09 | N/A | 4.5 MEDIUM |
| PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php. | |||||
| CVE-2024-46239 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-31 | N/A | 5.9 MEDIUM |
| Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php. | |||||
| CVE-2024-46238 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-31 | N/A | 5.9 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php | |||||