cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10807,https://securityvulnerability.io/vulnerability/CVE-2024-10807,Cross Site Scripting Vulnerability in Hospital Management System,"A vulnerability has been identified in the PHPGurukul Hospital Management System version 4.0 that compromises the security of users through cross-site scripting. This issue arises from improper handling of the 'searchdata' parameter in the hms/doctor/search.php file, enabling attackers to inject malicious scripts. The attack can be executed remotely, posing significant risks to user data and application integrity. As this exploit is publicly disclosed, immediate actions and mitigations are recommended to safeguard the system and its users.",PHPgurukul,Hospital Management System,4.8,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-11-05T01:00:08.000Z,true,false,false,,2024-11-05T01:00:08.591Z,0
CVE-2024-10806,https://securityvulnerability.io/vulnerability/CVE-2024-10806,Cross Site Scripting Vulnerability in PHPGurukul Hospital Management System 4.0,A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.,PHPgurukul,Hospital Management System,4.8,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-11-05T00:31:05.000Z,true,false,false,,2024-11-05T00:31:05.507Z,0
CVE-2024-46237,https://securityvulnerability.io/vulnerability/CVE-2024-46237,Cross Site Scripting Vulnerability in PHPGurukul Hospital Management System,"The PHPGurukul Hospital Management System version 4.0 is exposed to a Cross Site Scripting (XSS) vulnerability. This occurs through the manipulative usage of the `patname`, `pataddress`, and `medhis` parameters in the `doctor/add-patient.php` and `doctor/edit-patient.php` scripts. Attackers can exploit this flaw to inject malicious scripts into the user interface, potentially leading to unauthorized access and the execution of arbitrary JavaScript in the context of the affected user’s session.",PHPgurukul,Hospital Management System,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-09T14:15:00.000Z,0
CVE-2024-0364,https://securityvulnerability.io/vulnerability/CVE-2024-0364,PHPGurukul Hospital Management System query-details.php sql injection,"A vulnerability exists in the PHPGurukul Hospital Management System version 1.0, specifically within the file admin/query-details.php. An attacker can exploit the application by manipulating the adminremark argument, which leads to SQL injection. This flaw allows unauthorized users to execute arbitrary SQL commands against the database, potentially compromising sensitive information and the integrity of the system. The vulnerability has been publicly disclosed and poses a significant risk to organizations utilizing this hospital management software, necessitating immediate attention and mitigation to prevent exploitation.",PHPGurukul,Hospital Management System,9.8,CRITICAL,0.0014799999771639705,false,,false,false,true,2024-01-10T03:00:05.000Z,true,false,false,,2024-01-10T03:00:05.400Z,0
CVE-2024-0363,https://securityvulnerability.io/vulnerability/CVE-2024-0363,PHPGurukul Hospital Management System patient-search.php sql injection,"A significant security vulnerability exists in version 1.0 of the PHPGurukul Hospital Management System, specifically within the functionality of the file admin/patient-search.php. This issue arises from improper handling of the 'searchdata' argument, allowing an attacker to execute unauthorized SQL commands. The potential for SQL injection exposes the system to data breaches and unauthorized data manipulations. This vulnerability has been publicly disclosed, increasing the likelihood of exploitation, and highlights the urgent need for security patches and remediation efforts.",PHPGurukul,Hospital Management System,9.8,CRITICAL,0.0014100000262260437,false,,false,false,true,2024-01-10T02:31:03.000Z,true,false,false,,2024-01-10T02:31:03.318Z,0
CVE-2024-0362,https://securityvulnerability.io/vulnerability/CVE-2024-0362,PHPGurukul Hospital Management System change-password.php sql injection,"A vulnerability exists in the PHPGurukul Hospital Management System 1.0 allowing SQL injection through the admin/change-password.php file. The manipulation of the cpass argument can lead to unauthorized database access. This exploit has been publicly disclosed, raising concerns about the security of systems utilizing this software. System administrators should take immediate action to mitigate the risks associated with this vulnerability.",PHPGurukul,Hospital Management System,9.8,CRITICAL,0.0014100000262260437,false,,false,false,true,2024-01-10T02:00:06.000Z,true,false,false,,2024-01-10T02:00:06.459Z,0
CVE-2024-0361,https://securityvulnerability.io/vulnerability/CVE-2024-0361,PHPGurukul Hospital Management System contact.php sql injection,"A significant SQL injection vulnerability has been identified in the PHPGurukul Hospital Management System version 1.0. The issue arises from the improper handling of input in the file 'admin/contact.php', where an attacker can manipulate the 'mobnum' argument. This vulnerability could potentially permit an unauthorized party to execute arbitrary SQL commands, compromising the integrity and confidentiality of the database. The details of the vulnerability have been publicly disclosed, highlighting the need for immediate remediation to protect sensitive data.",PHPGurukul,Hospital Management System,9.8,CRITICAL,0.0014100000262260437,false,,false,false,true,2024-01-10T02:00:05.000Z,true,false,false,,2024-01-10T02:00:05.367Z,0
CVE-2024-0360,https://securityvulnerability.io/vulnerability/CVE-2024-0360,PHPGurukul Hospital Management System edit-doctor-specialization.php sql injection,"A vulnerability exists within the PHPGurukul Hospital Management System 1.0, specifically in the processing of the file admin/edit-doctor-specialization.php. The issue arises from the improper handling of the argument 'doctorspecilization', which can lead to SQL injection attacks. Successful exploitation of this vulnerability may allow an attacker to manipulate the database, potentially leading to unauthorized data access or data corruption. Given that this vulnerability has already been disclosed publicly, users of the PHPGurukul Hospital Management System are urged to evaluate their systems for potential exposure and implement necessary countermeasures.",PHPGurukul,Hospital Management System,9.8,CRITICAL,0.0014100000262260437,false,,false,false,true,2024-01-10T01:31:05.000Z,true,false,false,,2024-01-10T01:31:05.270Z,0
CVE-2024-0286,https://securityvulnerability.io/vulnerability/CVE-2024-0286,PHPGurukul Hospital Management System Contact Form index.php#contact_us cross site scripting,"A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843.",PHPGurukul,Hospital Management System,6.1,MEDIUM,0.0016700000269338489,false,,false,false,true,2024-01-07T18:15:00.000Z,true,false,false,,2024-01-07T18:15:00.000Z,0
CVE-2023-7173,https://securityvulnerability.io/vulnerability/CVE-2023-7173,PHPGurukul Hospital Management System registration.php cross site scripting,"A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability.",PHPGurukul,Hospital Management System,5.4,MEDIUM,0.001449999981559813,false,,false,false,true,2024-01-02T08:41:10.000Z,true,false,false,,2023-12-30T12:15:00.000Z,0
CVE-2023-7172,https://securityvulnerability.io/vulnerability/CVE-2023-7172,PHPGurukul Hospital Management System Admin Dashboard sql injection,"A vulnerability exists within the Admin Dashboard of PHPGurukul Hospital Management System 1.0, allowing attackers to manipulate backend databases through SQL injection. This flaw can be exploited remotely, posing significant risks to data integrity and confidentiality. Publicly disclosed exploitation methods may already pose a threat, emphasizing the urgency for patching and mitigation.",PHPGurukul,Hospital Management System,7.2,HIGH,0.0017099999822676182,false,,false,false,true,2024-01-02T07:28:25.000Z,true,false,false,,2023-12-30T09:15:00.000Z,0
CVE-2023-31498,https://securityvulnerability.io/vulnerability/CVE-2023-31498,Privilege Escalation Vulnerability in PHP Gurukul Hospital Management System,"A privilege escalation vulnerability exists in version 4.0 of the PHP Gurukul Hospital Management System. This issue allows remote attackers to exploit the session token parameter, potentially enabling them to execute arbitrary code and gain unauthorized access to sensitive information. Organizations using this software should take immediate steps to mitigate the risks associated with this vulnerability.",PHPgurukul,Hospital Management System,9.8,CRITICAL,0.05598999932408333,false,,false,false,false,,,false,false,,2023-05-11T00:00:00.000Z,0
CVE-2021-35388,https://securityvulnerability.io/vulnerability/CVE-2021-35388,Cross-Site Scripting Vulnerability in Hospital Management System by PHP Gurukul,"The Hospital Management System version 4.0 is susceptible to Cross Site Scripting (XSS) via the patient search functionality. This security flaw allows attackers to inject malicious scripts into web pages viewed by other users. By exploiting this vulnerability, unauthorized users could potentially manipulate data and compromise the integrity of the application, leading to security breaches and unauthorized access to sensitive information.",PHPgurukul,Hospital Management System,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-10-28T00:00:00.000Z,0
CVE-2021-35387,https://securityvulnerability.io/vulnerability/CVE-2021-35387,SQL Injection Vulnerability in Hospital Management System by PHP Gurukul,"The Hospital Management System version 4.0 by PHP Gurukul is susceptible to an SQL injection vulnerability through the 'view-patient.php' file located in the admin directory. This security flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive patient data. Proper validation and sanitization measures should be implemented to mitigate this risk. For more details, refer to the official documentation and Github repository.",PHPgurukul,Hospital Management System,8.8,HIGH,0.0011399999493733048,false,,false,false,false,,,false,false,,2022-10-28T00:00:00.000Z,0
CVE-2022-42206,https://securityvulnerability.io/vulnerability/CVE-2022-42206,Cross Site Scripting Vulnerability in PHPGurukul Hospital Management System,"The PHPGurukul Hospital Management System version 4.0 is susceptible to Cross Site Scripting (XSS) attacks through multiple endpoints, including doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions or data breaches.",PHPgurukul,Hospital Management System,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-10-21T00:00:00.000Z,0
CVE-2022-42205,https://securityvulnerability.io/vulnerability/CVE-2022-42205,Cross-Site Scripting Vulnerability in PHPGurukul Hospital Management System,"The PHPGurukul Hospital Management System Version 4.0 is susceptible to Cross-Site Scripting (XSS) attacks through the add-patient.php file. An attacker can exploit this vulnerability by injecting malicious scripts into web pages viewed by other users, potentially leading to unauthorized actions or data exposure. Ensuring proper sanitization and validation of user inputs can help mitigate this risk.",PHPgurukul,Hospital Management System,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-10-21T00:00:00.000Z,0
CVE-2022-24226,https://securityvulnerability.io/vulnerability/CVE-2022-24226,Blind SQL Injection Vulnerability in Hospital Management System by Nguyen-Trung-Kien,"A blind SQL injection vulnerability has been identified in version 4.0 of the Hospital Management System. This vulnerability occurs via the register function in func2.php, which allows attackers to manipulate SQL queries without user feedback. Successful exploitation may lead to unauthorized access to sensitive data, making it imperative for users to apply security patches and best practices to safeguard their systems.",PHPgurukul,Hospital Management System,7.5,HIGH,0.0030400000978261232,false,,false,false,false,,,false,false,,2022-02-15T15:30:37.000Z,0
CVE-2022-24646,https://securityvulnerability.io/vulnerability/CVE-2022-24646,SQL Injection Vulnerability in Hospital Management System by Kishan0725,"A SQL injection vulnerability has been identified in the Hospital Management System v4.0, specifically in the contact.php file through the txtMsg parameters. This flaw enables attackers to manipulate SQL queries, potentially compromising sensitive data within the system. Organizations using this software should assess their exposure and take the necessary steps to mitigate the risks associated with this vulnerability.",PHPgurukul,Hospital Management System,7.5,HIGH,0.002460000105202198,false,,false,false,false,,,false,false,,2022-02-10T22:39:12.000Z,0
CVE-2022-24263,https://securityvulnerability.io/vulnerability/CVE-2022-24263,SQL Injection Vulnerability in Hospital Management System by Truong Huuphuc,"The Hospital Management System v4.0 has been identified to be vulnerable to an SQL injection flaw through the 'email' parameter in the func.php file. This vulnerability can potentially allow attackers to execute arbitrary SQL queries, leading to unauthorized access to sensitive database information or manipulation of the database itself. It is crucial for users of this system to implement appropriate security measures to safeguard against exploitation.",PHPgurukul,Hospital Management System,9.8,CRITICAL,0.016659999266266823,false,,false,false,false,,,false,false,,2022-01-31T21:27:00.000Z,0
CVE-2021-39411,https://securityvulnerability.io/vulnerability/CVE-2021-39411,Cross Site Scripting Vulnerabilities in PHPGurukul Hospital Management System by PHPGurukul,"The PHPGurukul Hospital Management System 4.0 is exposed to multiple Cross Site Scripting vulnerabilities that can be exploited through unsanitized user input. Specifically, the vulnerabilities arise from the handling of parameters such as 'searchdata' in 'doctor/search.php' and 'admin/patient-search.php', alongside the 'fromdate' and 'todate' parameters in 'admin/betweendates-detailsreports.php'. Attackers could leverage these weaknesses to inject malicious scripts, potentially compromising user data and application integrity.",PHPgurukul,Hospital Management System,6.1,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2021-11-05T14:32:39.000Z,0
CVE-2020-22176,https://securityvulnerability.io/vulnerability/CVE-2020-22176,Sensitive Information Disclosure in PHPGurukul Hospital Management System by PHPGurukul,"The PHPGurukul Hospital Management System v4.0 is exposed to sensitive information disclosure vulnerabilities across multiple components. This security flaw allows remote unauthenticated attackers to access sensitive user data without proper authorization, potentially leading to data breaches. It is crucial for administrators to patch this vulnerability to protect user data from unauthorized access.",PHPgurukul,Hospital Management System,7.5,HIGH,0.007960000075399876,false,,false,false,false,,,false,false,,2021-06-22T14:19:48.000Z,0
CVE-2020-22170,https://securityvulnerability.io/vulnerability/CVE-2020-22170,SQL Injection Vulnerability in PHPGurukul Hospital Management System v4.0,"The PHPGurukul Hospital Management System version 4.0 contains a vulnerability in the get_doctor.php file, allowing remote unauthenticated users to perform SQL injection attacks. Exploiting this flaw enables attackers to access sensitive information stored in the database, potentially compromising patient data and violating data protection regulations.",PHPgurukul,Hospital Management System,7.5,HIGH,0.03302999958395958,false,,false,false,false,,,false,false,,2021-06-22T14:17:45.000Z,0
CVE-2020-22164,https://securityvulnerability.io/vulnerability/CVE-2020-22164,SQL Injection Vulnerability in PHPGurukul Hospital Management System by PHPGurukul,"The PHPGurukul Hospital Management System, specifically version 4.0, is susceptible to a SQL injection flaw located in the check_availability.php file. This vulnerability allows remote unauthenticated users to craft malicious queries that can manipulate the underlying SQL database. By exploiting this weakness, attackers can potentially gain access to sensitive information stored within the database, posing a significant risk to data integrity and privacy.",PHPgurukul,Hospital Management System,7.5,HIGH,0.03302999958395958,false,,false,false,false,,,false,false,,2021-06-22T14:15:28.000Z,0
CVE-2020-22165,https://securityvulnerability.io/vulnerability/CVE-2020-22165,SQL Injection Vulnerability in PHPGurukul Hospital Management System,"The PHPGurukul Hospital Management System version 4.0 is susceptible to a SQL injection vulnerability located in the user-login.php file. This flaw allows remote unauthenticated users to manipulate SQL queries, potentially leading to unauthorized access to sensitive database information. Malicious actors can exploit this vulnerability to extract confidential data, raising significant security concerns for institutions relying on this software for hospital management.",PHPgurukul,Hospital Management System,7.5,HIGH,0.03302999958395958,false,,false,false,false,,,false,false,,2021-06-22T14:14:45.000Z,0
CVE-2020-22166,https://securityvulnerability.io/vulnerability/CVE-2020-22166,SQL Injection Vulnerability in PHPGurukul Hospital Management System,"The Hospital Management System developed by PHPGurukul version 4.0 contains a SQL injection vulnerability located in the forgot-password.php file. This flaw allows remote unauthenticated users to manipulate database queries, potentially leading to unauthorized access and retrieval of sensitive information from the database. It underlines the crucial need for secure coding practices and input validation to mitigate such risks.",PHPgurukul,Hospital Management System,7.5,HIGH,0.03302999958395958,false,,false,false,false,,,false,false,,2021-06-22T14:13:55.000Z,0