Phpgurukul

Hospital Management System

67 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-70064

Exploit
  • EPSS 0.09%
  • Veröffentlicht 18.02.2026 00:00:00
  • Zuletzt bearbeitet 23.02.2026 21:03:37

PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to...

6.5

CVE-2025-70063

Exploit
  • EPSS 0.03%
  • Veröffentlicht 18.02.2026 00:00:00
  • Zuletzt bearbeitet 26.02.2026 22:33:37

The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated...

6.5

CVE-2025-70062

Exploit
  • EPSS 0.02%
  • Veröffentlicht 18.02.2026 00:00:00
  • Zuletzt bearbeitet 23.02.2026 21:03:09

PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to c...

7.2

CVE-2026-2179

Exploit
  • EPSS 0.04%
  • Veröffentlicht 08.02.2026 19:32:07
  • Zuletzt bearbeitet 10.02.2026 14:44:16

A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The ex...

7.2

CVE-2026-2134

Exploit
  • EPSS 0.03%
  • Veröffentlicht 08.02.2026 04:02:07
  • Zuletzt bearbeitet 11.02.2026 18:54:59

A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack ma...

8.8

CVE-2026-1550

Exploit
  • EPSS 0.02%
  • Veröffentlicht 28.01.2026 23:02:10
  • Zuletzt bearbeitet 09.02.2026 15:42:50

A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulati...

9.8

CVE-2025-56214

  • EPSS 0.04%
  • Veröffentlicht 25.08.2025 00:00:00
  • Zuletzt bearbeitet 02.09.2025 18:16:11

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.

8.5

CVE-2025-56216

  • EPSS 0.03%
  • Veröffentlicht 25.08.2025 00:00:00
  • Zuletzt bearbeitet 02.09.2025 18:11:49

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.

9.8

CVE-2025-56212

  • EPSS 0.04%
  • Veröffentlicht 25.08.2025 00:00:00
  • Zuletzt bearbeitet 02.09.2025 18:16:17

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter.

6.5

CVE-2025-56215

  • EPSS 0.04%
  • Veröffentlicht 25.08.2025 00:00:00
  • Zuletzt bearbeitet 02.09.2025 18:11:57

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter.