CVE-2023-41531
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters.
CVE-2023-41530
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
CVE-2023-41529
Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters.
CVE-2023-41528
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.
CVE-2023-41527
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.
CVE-2023-41526
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.
CVE-2023-41525
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
CVE-2023-40992
Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter.
CVE-2025-7604
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username lead…
CVE-2025-7176
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view-medhistory.php. The manipulation of the argument viewid le…
CVE-2025-6613
A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads…
CVE-2025-6570
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata…
CVE-2025-6339
A vulnerability was found in ponaravindb Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /func3.php. The manipulation of the argument username1 leads to sql inj…
CVE-2025-5584
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unknown function of the file /doctor/edit-patient.php?editid=2 of the component POST Parameter Handler. The manipu…
CVE-2024-51360
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file
CVE-2025-4933
A vulnerability, which was classified as critical, was found in ponaravindb Hospital-Management-System 1.0. This affects an unknown part of the file /doctor-panel.php. The manipulation of the argument ID leads to sql injection. It is possib…
CVE-2023-43958
An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code.
CVE-2025-3206
A vulnerability has been found in code-projects Hospital Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspeciliza…
CVE-2025-2664
A vulnerability was found in CodeZips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /suadpeted.php. The manipulation of the argument ID leads to sql injection. Th…
CVE-2025-29410
A cross-site scripting (XSS) vulnerability in the component /contact.php of Hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the txtEmail parameter.