projectworldsofficial/hospital-management-system-in-php

Releases: 0
Stars: 55
This is Hospital Management System

Hospital management system is one of the best software that manages various activities in hospital that has 3 login features (account type)

Features:
1. Front Page Slideshow
2. Login / Logout for customer.
3. Separate login for admin (location/hms-admin) - username: admin, password: admin
4. Navigation Bar
5. Ability to add patient detail and book appointment.
6. CSS using Twitter Bootstrap

Brief overview of the technology:

Front end: HTML, CSS, JavaScript
HTML: HTML is used to create and save web documents. E.g. Notepad/Notepad++
CSS: (Cascading Style Sheets) Create attractive layout
Bootstrap: responsive design, mobile-friendly site
JavaScript: it is a programming language, commonly used with web browsers.

Back end: PHP, MySQL
PHP: Hypertext Preprocessor (PHP) is a technology that allows software developers to create dynamically generated web pages, in HTML, XML, or other document types, as per client request. PHP is open source software.
MySQL: MySQL is a database, widely used for accessing, querying, updating, and managing data in databases.

Software Requirement (any one)
WAMP Server
XAMPP Server
MAMP Server
LAMP Server

Installation Steps
1. Download zip file and unzip file on your local server.
2. Put this file inside "c:/wamp/www/".
3. Database Configuration
   Open phpmyadmin
   Create database named hospital.
   Import database hospital.sql from downloaded folder (inside database)
4. Open your browser, put inside "http://localhost/hospital-management-system-php-mysql-master"

Admin Login Details
Login Id: [email protected]
Password: admin

Doctor Login Details
Login Id: [email protected]
Password: admin

Admin Login Details
Login Id: [email protected]
Password: admin

CVE History

CVE | Published | CVSS v3 | CVSS v2

CVSS v3: 7.3 HIGH | CVSS v2: 7.5 HIGH

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update_info.php of the component GET Parameter Handler. Manipulating the argument appointment_no can lead to SQL injection. The attack may be performed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS v3: 9.8 CRITICAL

Hospital management system version 378c157 allows authentication to be bypassed. This is possible because the application is vulnerable to SQL injection.

CVSS v3: 9.8 CRITICAL

Hospital management system version 378c157 allows authentication to be bypassed. This is possible because the application is vulnerable to SQL injection.

CVSS v3: 9.8 CRITICAL

hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter.

CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in PHP 1.0 on the login page that allows a remote attacker to compromise the application's SQL database.

CVSS v3: 5.3 MEDIUM | CVSS v2: 5 MEDIUM

An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php.

CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.

CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php.

CVSS v3: 8.8 HIGH | CVSS v2: 6.5 MEDIUM

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the database system and in some cases leverage this vulnerability to get remote code execution on the remote web server.

CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php.