Vulnerabilities
Vulnerable Software
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-01-10
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-01-10
A privilege escalation issue in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.
CVSS Score
9.8
EPSS Score
0.07
Published
2023-05-11
Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-10-28
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-10-28
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-10-21
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-10-21
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-02-15
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-10
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
CVSS Score
9.8
EPSS Score
0.02
Published
2022-01-31

