Hospital Management System Phpgurukul Hospital Management System

Do you want an email whenever new security vulnerabilities are reported in Phpgurukul Hospital Management System?

By the Year

In 2023 there have been 1 vulnerability in Phpgurukul Hospital Management System with an average score of 9.8 out of ten. Last year Hospital Management System had 7 security vulnerabilities published. Right now, Hospital Management System is on track to have less security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 2.69.

Year Vulnerabilities Average Score
2023 1 9.80
2022 7 7.11
2021 15 7.35
2020 4 6.60
2019 0 0.00
2018 0 0.00

It may take a day or so for new Hospital Management System vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Phpgurukul Hospital Management System Security Vulnerabilities

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0

CVE-2023-31498 9.8 - Critical - May 11, 2023

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.

Session Fixation

Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS)

CVE-2021-35388 5.4 - Medium - October 28, 2022

Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.

XSS

Hospital Management System v 4.0 is vulnerable to SQL Injection

CVE-2021-35387 8.8 - High - October 28, 2022

Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.

SQL Injection

PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS)

CVE-2022-42206 5.4 - Medium - October 21, 2022

PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.

XSS

PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS)

CVE-2022-42205 5.4 - Medium - October 21, 2022

PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.

XSS

Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability

CVE-2022-24226 7.5 - High - February 15, 2022

Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.

SQL Injection

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php

CVE-2022-24646 7.5 - High - February 10, 2022

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters.

SQL Injection

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php

CVE-2022-24263 9.8 - Critical - January 31, 2022

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.

SQL Injection

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0

CVE-2021-39411 6.1 - Medium - November 05, 2021

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.

XSS

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php

CVE-2020-22172 7.5 - High - June 22, 2021

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php

CVE-2020-22164 7.5 - High - June 22, 2021

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php

CVE-2020-22165 7.5 - High - June 22, 2021

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php

CVE-2020-22166 7.5 - High - June 22, 2021

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php

CVE-2020-22167 5.4 - Medium - June 22, 2021

PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.

XSS

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php

CVE-2020-22168 7.5 - High - June 22, 2021

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php

CVE-2020-22169 7.5 - High - June 22, 2021

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php

CVE-2020-22170 7.5 - High - June 22, 2021

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php

CVE-2020-22171 7.5 - High - June 22, 2021

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php

CVE-2020-22173 7.5 - High - June 22, 2021

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php

CVE-2020-22174 7.5 - High - June 22, 2021

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php

CVE-2020-22175 7.5 - High - June 22, 2021

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas

CVE-2020-22176 7.5 - High - June 22, 2021

PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.

authentification

PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which

CVE-2020-35745 8.8 - High - January 07, 2021

PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.

AuthZ

PHPGurukul hospital-management-system-in-php 4.0

CVE-2020-25271 5.4 - Medium - October 08, 2020

PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.

XSS

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities

CVE-2020-5193 6.1 - Medium - January 14, 2020

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.

XSS

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and

CVE-2020-5192 8.8 - High - January 06, 2020

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.

SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 suffers

CVE-2020-5191 6.1 - Medium - January 06, 2020

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Phpgurukul Hospital Management System or by Phpgurukul? Click the Watch button to subscribe.

Phpgurukul
Vendor

subscribe