Filtered by vendor Phpgurukul Subscriptions
Filtered by product Hospital Management System Subscriptions

Search

Switch to Advanced Search (Beta)
Total 52 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-26627 1 Phpgurukul 1 Hospital Management System 2025-06-03 4.9 Medium
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab.
CVE-2024-0364 1 Phpgurukul 1 Hospital Management System 2025-06-03 5.5 Medium
A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131.
CVE-2024-51360 1 Phpgurukul 1 Hospital Management System 2025-05-29 9.8 Critical
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file
CVE-2020-26630 1 Phpgurukul 1 Hospital Management System 2025-05-22 4.9 Medium
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin.
CVE-2020-26629 1 Phpgurukul 1 Hospital Management System 2025-05-09 9.8 Critical
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.
CVE-2024-0362 1 Phpgurukul 1 Hospital Management System 2025-05-09 5.5 Medium
A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250129 was assigned to this vulnerability.
CVE-2022-42206 1 Phpgurukul 1 Hospital Management System 2025-05-08 5.4 Medium
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.
CVE-2022-42205 1 Phpgurukul 1 Hospital Management System 2025-05-08 5.4 Medium
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.
CVE-2021-35388 1 Phpgurukul 1 Hospital Management System 2025-05-07 5.4 Medium
Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.
CVE-2021-35387 1 Phpgurukul 1 Hospital Management System 2025-05-07 8.8 High
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.
CVE-2024-0363 1 Phpgurukul 1 Hospital Management System 2025-04-17 5.5 Medium
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability.
CVE-2024-56998 1 Phpgurukul 1 Hospital Management System 2025-04-09 4.2 Medium
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address.
CVE-2024-56997 1 Phpgurukul 1 Hospital Management System 2025-04-09 4.2 Medium
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter.
CVE-2024-56990 1 Phpgurukul 1 Hospital Management System 2025-04-09 4.5 Medium
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php.
CVE-2024-46239 1 Phpgurukul 1 Hospital Management System 2025-03-31 5.9 Medium
Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php.
CVE-2024-46238 1 Phpgurukul 1 Hospital Management System 2025-03-31 5.9 Medium
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php
CVE-2022-46499 1 Phpgurukul 1 Hospital Management System 2025-03-28 8.8 High
Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_admin_view_single_patient.php.
CVE-2022-46498 1 Phpgurukul 1 Hospital Management System 2025-03-28 2.7 Low
Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_view_single_employee.php.
CVE-2022-46497 1 Phpgurukul 1 Hospital Management System 2025-03-28 8.1 High
Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_doc_view_single_patien.php.
CVE-2023-31498 1 Phpgurukul 1 Hospital Management System 2025-01-27 9.8 Critical
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.