cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11102,https://securityvulnerability.io/vulnerability/CVE-2024-11102,Cross-Site Scripting Vulnerability in Hospital Management System,A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.,Sourcecodester,Hospital Management System,4.8,MEDIUM,0.0007200000109151006,false,false,false,true,true,false,false,2024-11-12T04:00:14.685Z,0
CVE-2024-5362,https://securityvulnerability.io/vulnerability/CVE-2024-5362,SQL Injection Vulnerability in SourceCodester Online Hospital Management System,"A critical vulnerability has been identified in the SourceCodester Online Hospital Management System 1.0, specifically in the file departmentDoctor.php. This vulnerability arises from improper handling of the 'deptid' argument, enabling attackers to exploit SQL injection techniques. With this flaw, attackers can execute arbitrary SQL queries on the database, potentially compromising sensitive information and system integrity. This vulnerability is accessible for exploitation remotely and has been publicly disclosed, raising immediate concerns for organizations using this outdated software version.",Sourcecodester,Online Hospital Management System,7.3,HIGH,0.00044999999227002263,false,false,false,true,true,false,false,2024-05-26T11:31:03.618Z,0
CVE-2023-5587,https://securityvulnerability.io/vulnerability/CVE-2023-5587,SourceCodester Free Hospital Management System for Small Practices Parameter doctors.php sql injection,A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-242186 is the identifier assigned to this vulnerability.,SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.0014100000262260437,false,false,false,false,,false,false,2023-10-15T22:15:00.000Z,0
CVE-2023-4444,https://securityvulnerability.io/vulnerability/CVE-2023-4444,SourceCodester Free Hospital Management System for Small Practices edit-user.php sql injection,"A SQL injection vulnerability exists in the Free Hospital Management System for Small Practices due to improper input validation in the file responsible for user data editing. This flaw enables attackers to manipulate user-provided parameters, such as id00, nic, oldemail, email, and Tele, to execute arbitrary SQL commands on the database. The vulnerability can be exploited remotely, exposing sensitive data and allowing unauthorized access to the database. Prompt updates and security measures are essential to mitigate any risks associated with this exposure.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.004650000017136335,false,false,false,false,,false,false,2023-08-21T01:15:00.000Z,0
CVE-2023-4443,https://securityvulnerability.io/vulnerability/CVE-2023-4443,SourceCodester Free Hospital Management System for Small Practices edit-doc.php sql injection,"An SQL injection vulnerability has been discovered in the SourceCodester Free Hospital Management System, specifically within the edit-doc.php file located in the vm/doctor directory. This issue arises when specific parameters, including id00, nic, oldemail, email, and spec, are manipulated. An attacker can exploit this flaw remotely, allowing unauthorized access to the database, which can lead to potential data exposure or corruption. It is crucial for organizations using affected versions to apply security patches and mitigate this risk immediately.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.003220000071451068,false,false,false,false,,false,false,2023-08-21T01:15:00.000Z,0
CVE-2023-4441,https://securityvulnerability.io/vulnerability/CVE-2023-4441,SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection,"A vulnerability in the SourceCodester Free Hospital Management System for Small Practices version 1.0 was discovered, impacting the /patient/appointment.php file. This issue arises from improper validation of the 'scheduledate' parameter, allowing attackers to execute SQL injection attacks remotely. Successful exploitation could compromise the integrity and confidentiality of the database, potentially leading to unauthorized access to sensitive information.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.00203999993391335,false,false,false,false,,false,false,2023-08-21T00:15:00.000Z,0
CVE-2023-4442,https://securityvulnerability.io/vulnerability/CVE-2023-4442,SourceCodester Free Hospital Management System for Small Practices booking-complete.php sql injection,"A vulnerability affecting the SourceCodester Free Hospital Management System for Small Practices 1.0 has been identified, which allows for SQL injection through the manipulation of arguments in the file \vm\patient\booking-complete.php. Attackers can exploit this weakness remotely by crafting requests that modify the 'userid', 'appnum', or 'scheduleid' parameters, leading to unauthorized database access or manipulation. This issue poses a significant security risk, especially since it has been publicly disclosed, allowing potential exploitation by malicious entities.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.003220000071451068,false,false,false,false,,false,false,2023-08-21T00:15:00.000Z,0
CVE-2023-4440,https://securityvulnerability.io/vulnerability/CVE-2023-4440,SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection,"An SQL injection vulnerability exists in SourceCodester's Free Hospital Management System for Small Practices version 1.0. The issue resides in the processing of the 'sheduledate' argument within the appointment.php file. An attacker can exploit this vulnerability remotely by manipulating the relevant input, potentially gaining unauthorized access to the database. This could lead to exposure of sensitive data, making it imperative for users to assess their systems and implement appropriate security measures.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.003220000071451068,false,false,false,false,,false,false,2023-08-20T23:15:00.000Z,0
CVE-2023-4185,https://securityvulnerability.io/vulnerability/CVE-2023-4185,SourceCodester Online Hospital Management System patientlogin.php sql injection,A vulnerability was found in SourceCodester Online Hospital Management System 1.0. It has been classified as critical. Affected is an unknown function of the file patientlogin.php. The manipulation of the argument loginid/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236220.,SourceCodester,Online Hospital Management System,9.8,CRITICAL,0.0014299999456852674,false,false,false,false,,false,false,2023-08-06T13:15:00.000Z,0
CVE-2023-4181,https://securityvulnerability.io/vulnerability/CVE-2023-4181,SourceCodester Free Hospital Management System for Small Practices Redirect behavioral workflow,"A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236216.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.02101000025868416,false,false,false,false,,false,false,2023-08-06T09:15:00.000Z,0
CVE-2023-4180,https://securityvulnerability.io/vulnerability/CVE-2023-4180,SourceCodester Free Hospital Management System for Small Practices login.php sql injection,A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file /vm/login.php. The manipulation of the argument useremail/userpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236215.,SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.006039999891072512,false,false,false,false,,false,false,2023-08-06T08:15:00.000Z,0
CVE-2023-4179,https://securityvulnerability.io/vulnerability/CVE-2023-4179,SourceCodester Free Hospital Management System for Small Practices sql injection,A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected is an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-236214 is the identifier assigned to this vulnerability.,SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.006039999891072512,false,false,false,false,,false,false,2023-08-06T08:15:00.000Z,0
CVE-2023-4176,https://securityvulnerability.io/vulnerability/CVE-2023-4176,SourceCodester Hospital Management System appointmentapproval.php sql injection,A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file appointmentapproval.php. The manipulation of the argument time leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236211.,SourceCodester,Hospital Management System,9.8,CRITICAL,0.006039999891072512,false,false,false,false,,false,false,2023-08-06T02:15:00.000Z,0