Phpgurukul Hospital Management System — known CVE vulnerabilities
Every CVE whose affected-product data names Phpgurukul Hospital Management System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (62)
CVE-2023-31498 — CVSS 9.8 (critical): A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary…
CVE-2020-26629 — CVSS 9.8 (critical): A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated…
CVE-2022-24263 — CVSS 9.8 (critical): Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via…
CVE-2025-56214 — CVSS 9.8 (critical): phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.
CVE-2024-51360 — CVSS 9.8 (critical): An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php…
CVE-2025-56212 — CVSS 9.8 (critical): phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter.
CVE-2020-35745 — CVSS 8.8 (high): PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all…
CVE-2020-5192 — CVSS 8.8 (high): PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are…
CVE-2022-46499 — CVSS 8.8 (high): Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at…
CVE-2021-35387 — CVSS 8.8 (high): Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.
CVE-2025-70064 — CVSS 8.8 (high): PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly…
CVE-2025-56216 — CVSS 8.5 (high): phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.
CVE-2022-46497 — CVSS 8.1 (high): Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at…
CVE-2020-22166 — CVSS 7.5 (high): PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated…
CVE-2020-22168 — CVSS 7.5 (high): PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users…
CVE-2020-22169 — CVSS 7.5 (high): PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated…
CVE-2020-22170 — CVSS 7.5 (high): PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users…
CVE-2020-22171 — CVSS 7.5 (high): PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users…
CVE-2020-22172 — CVSS 7.5 (high): PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users…
CVE-2020-22173 — CVSS 7.5 (high): PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users…
CVE-2020-22174 — CVSS 7.5 (high): PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated…
CVE-2020-22175 — CVSS 7.5 (high): PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote…
CVE-2020-22176 — CVSS 7.5 (high): PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote…
CVE-2022-24226 — CVSS 7.5 (high): Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.
CVE-2022-24646 — CVSS 7.5 (high): Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php…
CVE-2020-22165 — CVSS 7.5 (high): PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users…
CVE-2020-22164 — CVSS 7.5 (high): PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated…
CVE-2025-7604 — CVSS 7.3 (high): A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is…
CVE-2023-7172 — CVSS 7.3 (high): A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is…
CVE-2025-7176 — CVSS 7.3 (high): A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is…
CVE-2025-70062 — CVSS 6.5 (medium): PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The…
CVE-2025-70063 — CVSS 6.5 (medium): The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR)…
CVE-2025-56215 — CVSS 6.5 (medium): phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter.
CVE-2026-1550 — CVSS 6.3 (medium): A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of…
CVE-2020-26628 — CVSS 6.1 (medium): A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary…
CVE-2020-5191 — CVSS 6.1 (medium): PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
CVE-2021-39411 — CVSS 6.1 (medium): Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in…
CVE-2020-5193 — CVSS 6.1 (medium): PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or…
CVE-2024-46238 — CVSS 5.9 (medium): Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in…
CVE-2024-46239 — CVSS 5.9 (medium): Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in…
CVE-2024-0361 — CVSS 5.5 (medium): A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the…
CVE-2024-0360 — CVSS 5.5 (medium): A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown…
CVE-2024-0362 — CVSS 5.5 (medium): A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown…
CVE-2024-0363 — CVSS 5.5 (medium): A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is…
CVE-2024-0364 — CVSS 5.5 (medium): A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of…
CVE-2024-46237 — CVSS 5.4 (medium): PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in…
CVE-2022-42206 — CVSS 5.4 (medium): PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php…
CVE-2022-42205 — CVSS 5.4 (medium): PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.
CVE-2021-35388 — CVSS 5.4 (medium): Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.
CVE-2020-22167 — CVSS 5.4 (medium): PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php…
CVE-2020-26630 — CVSS 4.9 (medium): A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database…
CVE-2020-26627 — CVSS 4.9 (medium): A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database…
CVE-2026-2134 — CVSS 4.7 (medium): A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the…
CVE-2026-2179 — CVSS 4.7 (medium): A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file…
CVE-2024-56990 — CVSS 4.5 (medium): PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php.
CVE-2024-0286 — CVSS 4.3 (medium): A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part…
CVE-2023-7173 — CVSS 4.3 (medium): A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part…
CVE-2024-56997 — CVSS 4.2 (medium): PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter.
CVE-2024-56998 — CVSS 4.2 (medium): PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address.
CVE-2024-11675 — CVSS 3.5 (low): A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is…
CVE-2022-46498 — CVSS 2.7 (low): Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at…