Phpgurukul: >> Hospital Management System >> 4.0 Security Vulnerabilities
Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-10-21
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-10-09
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-01-10
A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-01-10
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-01-10
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-01-10
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.
CVSS Score
9.8
EPSS Score
0.07
Published
2023-05-11
Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-10-28
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-10-28
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-10-21