kishan0725/Hospital-Management-System

GitHub

github.com

Releases0

Stars736

Hospital Management System using php and mysql

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-63514 ↗	Nov 18, 2025Tuesday, 18 November 2025, 18:16	6.1 MEDIUM	—
kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email parameter.
CVE-2025-63513 ↗	Nov 18, 2025Tuesday, 18 November 2025, 17:16	6.5 MEDIUM	—
kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functionality.
CVE-2023-41532 ↗	Aug 7, 2025Thursday, 7 August 2025, 18:15	8.8 HIGH	—
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php.
CVE-2023-41531 ↗	Aug 7, 2025Thursday, 7 August 2025, 18:15	8.8 HIGH	—
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters.
CVE-2023-41530 ↗	Aug 7, 2025Thursday, 7 August 2025, 18:15	9.8 CRITICAL	—
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
CVE-2023-41529 ↗	Aug 7, 2025Thursday, 7 August 2025, 18:15	6.1 MEDIUM	—
Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters.
CVE-2023-41528 ↗	Aug 7, 2025Thursday, 7 August 2025, 18:15	9.8 CRITICAL	—
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.
CVE-2023-41527 ↗	Aug 7, 2025Thursday, 7 August 2025, 18:15	9.8 CRITICAL	—
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.
CVE-2023-41526 ↗	Aug 7, 2025Thursday, 7 August 2025, 18:15	9.8 CRITICAL	—
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.
CVE-2023-41525 ↗	Aug 7, 2025Thursday, 7 August 2025, 18:15	9.8 CRITICAL	—
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
CVE-2023-40992 ↗	Aug 7, 2025Thursday, 7 August 2025, 18:15	6.5 MEDIUM	—
Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter.
CVE-2022-48120 ↗	Jan 20, 2023Friday, 20 January 2023, 19:15	9.8 CRITICAL	—
SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php.
CVE-2022-27420 ↗	May 4, 2022Wednesday, 4 May 2022, 03:15	9.8 CRITICAL	7.5 HIGH
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
CVE-2022-26244 ↗	Mar 30, 2022Wednesday, 30 March 2022, 00:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field.
CVE-2022-25409 ↗	Feb 28, 2022Monday, 28 February 2022, 23:15	5.4 MEDIUM	3.5 LOW
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php.
CVE-2022-25408 ↗	Feb 28, 2022Monday, 28 February 2022, 23:15	5.4 MEDIUM	3.5 LOW
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php.
CVE-2022-25407 ↗	Feb 28, 2022Monday, 28 February 2022, 23:15	5.4 MEDIUM	3.5 LOW
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php.
CVE-2022-24646 ↗	Feb 10, 2022Thursday, 10 February 2022, 23:15	7.5 HIGH	7.8 HIGH
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters.
CVE-2022-24263 ↗	Jan 31, 2022Monday, 31 January 2022, 22:15	9.8 CRITICAL	7.5 HIGH
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
CVE-2021-38754 ↗	Aug 16, 2021Monday, 16 August 2021, 14:15	9.8 CRITICAL	7.5 HIGH
SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.
CVE-2021-38757 ↗	Aug 16, 2021Monday, 16 August 2021, 14:15	6.1 MEDIUM	4.3 MEDIUM
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php.
CVE-2021-38756 ↗	Aug 16, 2021Monday, 16 August 2021, 14:15	6.1 MEDIUM	4.3 MEDIUM
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php.
CVE-2021-38755 ↗	Aug 16, 2021Monday, 16 August 2021, 14:15	5.3 MEDIUM	5 MEDIUM
Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php.