Security Vulnerabilities
An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-08-07
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-08-07
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-08-07
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-08-07
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-08-07
Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-08-07
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-08-07
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-08-07
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-08-07
Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-07