Filtered by vendor Hospital Management System Project
Subscriptions
Filtered by product Hospital Management System
Subscriptions
Total
41 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-30011 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. | ||||
CVE-2022-28929 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. | ||||
CVE-2022-27420 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. | ||||
CVE-2022-27413 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. | ||||
CVE-2022-27299 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. | ||||
CVE-2022-26546 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.1 Critical |
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. | ||||
CVE-2022-25493 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 6.1 Medium |
HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. | ||||
CVE-2022-25492 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php. | ||||
CVE-2022-25491 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 High |
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php. | ||||
CVE-2022-25490 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php. | ||||
CVE-2022-25409 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 5.4 Medium |
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. | ||||
CVE-2022-25408 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 5.4 Medium |
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. | ||||
CVE-2022-25407 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 5.4 Medium |
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. | ||||
CVE-2022-25403 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. | ||||
CVE-2022-25402 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.1 Critical |
An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. | ||||
CVE-2022-24136 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. | ||||
CVE-2021-44095 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database. | ||||
CVE-2021-38757 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 6.1 Medium |
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. | ||||
CVE-2021-38756 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 6.1 Medium |
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php. | ||||
CVE-2021-38755 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 5.3 Medium |
Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php. |