Shodan
Vulnerabilities
Vulnerable Software
Hospital Management System Project:  Security Vulnerabilities
CVE-2022-30011
In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.
CVSS Score
9.8
EPSS Score
0.016
Published
2022-05-16
CVE-2022-30012
In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-05-16
CVE-2022-28929
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-05-15
CVE-2022-30448
Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-11
CVE-2022-30449
Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-05-11
CVE-2022-27420
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-05-04
CVE-2022-27413
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.
CVSS Score
9.8
EPSS Score
0.12
Published
2022-05-03
CVE-2022-27299
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-04-26
CVE-2022-26546
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.
CVSS Score
9.1
EPSS Score
0.002
Published
2022-03-31
CVE-2022-24136
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-03-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved