Kishan0725 Hospital Management System — known CVE vulnerabilities
Every CVE whose affected-product data names Kishan0725 Hospital Management System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2023-41530 — CVSS 9.8 (critical): Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
CVE-2023-41525 — CVSS 9.8 (critical): Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in…
CVE-2023-41526 — CVSS 9.8 (critical): Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3…
CVE-2023-41527 — CVSS 9.8 (critical): Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.
CVE-2023-41528 — CVSS 9.8 (critical): Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone…
CVE-2023-43958 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows…
CVE-2023-41531 — CVSS 8.8 (high): Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2…
CVE-2023-41532 — CVSS 8.8 (high): Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php.
CVE-2023-40992 — CVSS 6.5 (medium): Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter.
CVE-2025-63512 — CVSS 6.5 (medium): kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor logic…
CVE-2025-63513 — CVSS 6.5 (medium): kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation…
CVE-2024-45983 — CVSS 6.3 (medium): A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows…
CVE-2025-63514 — CVSS 6.1 (medium): kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email parameter.
CVE-2023-41529 — CVSS 6.1 (medium): Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and…