Total: 62 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-70063 | 1 Phpgurukul | 1 Hospital Management System | 2026-02-26 | N/A | 6.5 MEDIUM |
| The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the confidential medical records of other patients by iterating the 'viewid' integer. | |||||
| CVE-2025-70064 | 1 Phpgurukul | 1 Hospital Management System | 2026-02-23 | N/A | 8.8 HIGH |
| PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. This allows any self-registered user to take over the application, view confidential logs, and modify system data. | |||||
| CVE-2025-70062 | 1 Phpgurukul | 1 Hospital Management System | 2026-02-23 | N/A | 6.5 MEDIUM |
| PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into visiting a malicious page. | |||||
| CVE-2026-2134 | 1 Phpgurukul | 1 Hospital Management System | 2026-02-11 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-2179 | 1 Phpgurukul | 1 Hospital Management System | 2026-02-10 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-1550 | 1 Phpgurukul | 1 Hospital Management System | 2026-02-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2025-56212 | 1 Phpgurukul | 1 Hospital Management System | 2025-09-02 | N/A | 9.8 CRITICAL |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter. | |||||
| CVE-2025-56214 | 1 Phpgurukul | 1 Hospital Management System | 2025-09-02 | N/A | 9.8 CRITICAL |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter. | |||||
| CVE-2025-56215 | 1 Phpgurukul | 1 Hospital Management System | 2025-09-02 | N/A | 6.5 MEDIUM |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter. | |||||
| CVE-2025-56216 | 1 Phpgurukul | 1 Hospital Management System | 2025-09-02 | N/A | 8.5 HIGH |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. | |||||
| CVE-2025-7604 | 1 Phpgurukul | 1 Hospital Management System | 2025-07-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7176 | 1 Phpgurukul | 1 Hospital Management System | 2025-07-08 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view-medhistory.php. The manipulation of the argument viewid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-26628 | 1 Phpgurukul | 1 Hospital Management System | 2025-06-20 | N/A | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile' page and triggered by another user visiting the profile. | |||||
| CVE-2020-26627 | 1 Phpgurukul | 1 Hospital Management System | 2025-06-03 | N/A | 4.9 MEDIUM |
| A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab. | |||||
| CVE-2024-51360 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-29 | N/A | 9.8 CRITICAL |
| An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file. | |||||
| CVE-2020-26630 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-22 | N/A | 4.9 MEDIUM |
| A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin. | |||||
| CVE-2020-26629 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-09 | N/A | 9.8 CRITICAL |
| A jQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. | |||||
| CVE-2022-42206 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-08 | N/A | 5.4 MEDIUM |
| PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. | |||||
| CVE-2022-42205 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-08 | N/A | 5.4 MEDIUM |
| PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php. | |||||
| CVE-2021-35388 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-07 | N/A | 5.4 MEDIUM |
| Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. | |||||
