Phpgurukul Hospital_management_system

62 CVEs affecting Phpgurukul Hospital_management_system. Latest disclosed: 2026-02-18. Critical: 6, High: 24.

Top CVEs affecting Phpgurukul Hospital_management_system
CVESeverityScorePublishedSummary
CVE-2025-56214Critical9.82025-08-25phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.
CVE-2025-56212Critical9.82025-08-25phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter.
CVE-2024-51360Critical9.82025-05-23An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file
CVE-2020-26629Critical9.82024-01-10A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload…
CVE-2023-31498Critical9.82023-05-11A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensiti…
CVE-2022-24263Critical9.82022-01-31Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
CVE-2025-70064High8.82026-02-18PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator…
CVE-2022-46499High8.82024-03-07Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_admin_view_single_patient.php.
CVE-2021-35387High8.82022-10-28Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.
CVE-2020-35745High8.82021-01-07PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, docto…
CVE-2020-5192High8.82020-01-06PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user in…
CVE-2025-56216High8.52025-08-25phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.
CVE-2022-46497High8.12024-03-07Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_doc_view_single_patien.php.
CVE-2022-24226High7.52022-02-15Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.
CVE-2022-24646High7.52022-02-10Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parame…
CVE-2020-22176High7.52021-06-22PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can expl…
CVE-2020-22175High7.52021-06-22PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users…
CVE-2020-22174High7.52021-06-22PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the…
CVE-2020-22173High7.52021-06-22PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vuln…
CVE-2020-22172High7.52021-06-22PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulner…