Phpgurukul Hospital Management System
By the Year
In 2023 there have been 1 vulnerability in Phpgurukul Hospital Management System with an average score of 9.8 out of ten. Last year Hospital Management System had 7 security vulnerabilities published. Right now, Hospital Management System is on track to have less security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 2.69.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 1 | 9.80 |
2022 | 7 | 7.11 |
2021 | 15 | 7.35 |
2020 | 4 | 6.60 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Hospital Management System vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Phpgurukul Hospital Management System Security Vulnerabilities
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0
CVE-2023-31498
9.8 - Critical
- May 11, 2023
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.
Session Fixation
Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2021-35388
5.4 - Medium
- October 28, 2022
Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.
XSS
Hospital Management System v 4.0 is vulnerable to SQL Injection
CVE-2021-35387
8.8 - High
- October 28, 2022
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.
SQL Injection
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2022-42206
5.4 - Medium
- October 21, 2022
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.
XSS
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2022-42205
5.4 - Medium
- October 21, 2022
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.
XSS
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability
CVE-2022-24226
7.5 - High
- February 15, 2022
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.
SQL Injection
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php
CVE-2022-24646
7.5 - High
- February 10, 2022
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters.
SQL Injection
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php
CVE-2022-24263
9.8 - Critical
- January 31, 2022
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
SQL Injection
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0
CVE-2021-39411
6.1 - Medium
- November 05, 2021
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.
XSS
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php
CVE-2020-22172
7.5 - High
- June 22, 2021
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php
CVE-2020-22164
7.5 - High
- June 22, 2021
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php
CVE-2020-22165
7.5 - High
- June 22, 2021
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php
CVE-2020-22166
7.5 - High
- June 22, 2021
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php
CVE-2020-22167
5.4 - Medium
- June 22, 2021
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.
XSS
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php
CVE-2020-22168
7.5 - High
- June 22, 2021
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php
CVE-2020-22169
7.5 - High
- June 22, 2021
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php
CVE-2020-22170
7.5 - High
- June 22, 2021
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php
CVE-2020-22171
7.5 - High
- June 22, 2021
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php
CVE-2020-22173
7.5 - High
- June 22, 2021
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php
CVE-2020-22174
7.5 - High
- June 22, 2021
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php
CVE-2020-22175
7.5 - High
- June 22, 2021
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas
CVE-2020-22176
7.5 - High
- June 22, 2021
PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.
authentification
PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which
CVE-2020-35745
8.8 - High
- January 07, 2021
PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.
AuthZ
PHPGurukul hospital-management-system-in-php 4.0
CVE-2020-25271
5.4 - Medium
- October 08, 2020
PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.
XSS
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities
CVE-2020-5193
6.1 - Medium
- January 14, 2020
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.
XSS
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and
CVE-2020-5192
8.8 - High
- January 06, 2020
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.
SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 suffers
CVE-2020-5191
6.1 - Medium
- January 06, 2020
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Phpgurukul Hospital Management System or by Phpgurukul? Click the Watch button to subscribe.
