Product
phpgurukul hospital management system
140 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-70064
CVE-2025-70063
CVE-2025-70062
CVE-2026-2179
CVE-2026-2134
CVE-2026-1550
CVE-2025-63514
CVE-2025-63513
CVE-2025-63512
CVE-2025-11609
CVE-2025-56216
CVE-2025-56215
CVE-2025-56214
CVE-2025-56212
CVE-2025-8955
CVE-2025-8954
CVE-2023-41532
CVE-2023-41531
CVE-2023-41530
CVE-2023-41529
CVE-2023-41528
CVE-2023-41527
CVE-2023-41526
CVE-2023-41525
CVE-2023-40992
CVE-2025-7604
CVE-2025-7176
CVE-2025-6613
CVE-2025-6570
CVE-2025-5584
CVE-2024-51360
CVE-2023-43958
CVE-2025-3206
CVE-2024-56990
CVE-2024-56998
CVE-2024-56997
CVE-2024-12983
CVE-2024-12976
CVE-2024-12969
CVE-2024-11678
CVE-2024-11677
CVE-2024-11676
CVE-2024-11675
CVE-2024-11674
CVE-2024-11102
CVE-2024-11073
CVE-2024-10807
CVE-2024-10806
CVE-2024-10350
CVE-2024-46239
CVE-2024-46238
CVE-2024-10170
CVE-2024-10169
CVE-2024-46237
CVE-2024-45983
CVE-2024-8944
CVE-2024-8569
CVE-2024-8368
CVE-2024-28320
CVE-2022-46499
CVE-2022-46498
CVE-2022-46497
CVE-2020-26630
CVE-2020-26629
CVE-2020-26628
CVE-2020-26627
CVE-2024-0364
CVE-2024-0363
CVE-2024-0362
CVE-2024-0361
CVE-2024-0360
CVE-2024-0286
CVE-2023-7173
CVE-2023-7172
CVE-2023-43909
CVE-2023-4176
CVE-2023-3811
CVE-2023-3810
CVE-2023-3809
CVE-2023-3808
CVE-2023-34651
CVE-2023-31498
CVE-2022-48120
CVE-2022-46093
CVE-2021-35388
CVE-2021-35387
CVE-2022-42206
CVE-2022-42205
CVE-2022-38637
CVE-2022-34590
CVE-2022-32095
CVE-2022-32094
CVE-2022-32093
CVE-2021-44095
CVE-2022-30516
CVE-2022-30012
CVE-2022-30011
CVE-2022-28929
CVE-2022-30449
CVE-2022-30448
CVE-2022-27420
CVE-2022-27413
CVE-2022-27299
CVE-2022-26546
CVE-2022-24136
CVE-2022-25493
CVE-2022-25492
CVE-2022-25491
CVE-2022-25490
CVE-2022-25409
CVE-2022-25408
CVE-2022-25407
CVE-2022-25403
CVE-2022-25402
CVE-2022-24226
CVE-2022-24646
CVE-2022-24263
CVE-2021-39411
CVE-2021-38757
CVE-2021-38756
CVE-2021-38755
CVE-2021-38754
CVE-2020-22176
CVE-2020-22175
CVE-2020-22174
CVE-2020-22173
CVE-2020-22172
CVE-2020-22171
CVE-2020-22170
CVE-2020-22169
CVE-2020-22168
CVE-2020-22167
CVE-2020-22166
CVE-2020-22165
CVE-2020-22164
CVE-2020-35745
CVE-2020-25271
CVE-2020-5193
CVE-2020-5192
CVE-2020-5191
all versions
PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can dire
all versions
The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vul
all versions
PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module.
all versions
A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/m
all versions
A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown functi
all versions
A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functiona
all versions
kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email parameter.
all versions
kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellat
all versions
kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor
all versions
A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-s
all versions
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.
all versions
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter.
all versions
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.
all versions
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter.
all versions
A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /
all versions
A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/docto
all versions
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorse
all versions
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and
all versions
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.p
all versions
Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the f
all versions
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txt
all versions
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.
all versions
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and
all versions
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patient
all versions
Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 par
all versions
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnera
all versions
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnera
all versions
A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability i
all versions
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this i
all versions
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unkn
all versions
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-prof
all versions
An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.
all versions
A vulnerability has been found in code-projects Hospital Management System 1.0 and classified as critical. This vulnerability affe
all versions
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-pati
all versions
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $addr
all versions
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' paramet
all versions
A vulnerability classified as problematic has been found in code-projects Hospital Management System 1.0. This affects an unknown
all versions
A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this iss
all versions
A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. Affected by thi
all versions
A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability aff
all versions
A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unkn
all versions
A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is som
all versions
A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnera
all versions
A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Affected is an unknown f
all versions
A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this iss
all versions
A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. This affects an unknown
all versions
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some
all versions
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability af
all versions
A vulnerability was found in code-projects Hospital Management System 1.0. It has been declared as critical. This vulnerability af
all versions
Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doc
all versions
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter i
all versions
A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. This issue affe
all versions
A vulnerability classified as critical was found in code-projects Hospital Management System 1.0. This vulnerability affects unkno
all versions
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis para
all versions
A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerabili
all versions
A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unkn
all versions
A vulnerability has been found in code-projects Hospital Management System 1.0 and classified as critical. Affected by this vulner
all versions
A vulnerability was found in code-projects Hospital Management System 1.0. It has been rated as critical. Affected by this issue i
all versions
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user param
all versions
Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_admin_v
all versions
Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_v
all versions
Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_doc_vie
all versions
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump dat
all versions
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauth
all versions
A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute a
all versions
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump dat
all versions
A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown
all versions
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this i
all versions
A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is a
all versions
A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown functio
all versions
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unk
all versions
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unkn
all versions
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unkn
all versions
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this i
all versions
Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter
all versions
A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been classified as critical. This affects an un
all versions
A vulnerability was found in Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown proces
all versions
A vulnerability was found in Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown
all versions
A vulnerability was found in Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of t
all versions
A vulnerability was found in Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown fun
all versions
PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
all versions
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbi
<= 2021-03-13
SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on Marc
all versions
Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a
all versions
Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.
all versions
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.
all versions
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/
all versions
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.
all versions
Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password par
all versions
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php
all versions
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.
all versions
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.p
all versions
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.ph
all versions
A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote att
all versions
In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.
all versions
In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and da
all versions
In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.
all versions
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentre
all versions
Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editi
all versions
Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrec
all versions
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patie
all versions
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.
all versions
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.
all versions
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive informat
all versions
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php.
all versions
HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.
all versions
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.
all versions
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.
all versions
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.
all versions
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail paramet
all versions
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword para
all versions
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor paramet
all versions
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.
all versions
An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files.
all versions
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.p
all versions
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/cont
all versions
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func
all versions
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata para
all versions
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php.
all versions
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php.
all versions
Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php.
all versions
SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.
all versions
PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote u
all versions
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php.
all versions
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthent
all versions
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticat
all versions
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated
all versions
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticat
all versions
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated
all versions
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauth
all versions
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthentica
all versions
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-hi
all versions
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenti
all versions
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated
all versions
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthe
all versions
PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to ac
all versions
PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php,
all versions
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctor
all versions
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and paramete
all versions
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.