Filtered by vendor Phpgurukul Subscriptions
Filtered by product Hospital Management System Subscriptions
Total 45 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-5191 1 Phpgurukul 1 Hospital Management System 2024-11-21 6.1 Medium
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
CVE-2020-35745 1 Phpgurukul 1 Hospital Management System 2024-11-21 8.8 High
PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.
CVE-2020-26630 1 Phpgurukul 1 Hospital Management System 2024-11-21 4.9 Medium
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin.
CVE-2020-26629 1 Phpgurukul 1 Hospital Management System 2024-11-21 9.8 Critical
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.
CVE-2020-26628 1 Phpgurukul 1 Hospital Management System 2024-11-21 6.1 Medium
A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile.
CVE-2020-26627 1 Phpgurukul 1 Hospital Management System 2024-11-21 4.9 Medium
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab.
CVE-2020-25271 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.4 Medium
PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.
CVE-2020-22176 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.
CVE-2020-22175 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22174 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22173 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22172 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22171 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22170 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22169 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22168 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22167 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.4 Medium
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.
CVE-2020-22166 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22165 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22164 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.