Search criteria
34 vulnerabilities found for Hospital Management System by PHPGurukul
CVE-2025-8955 (GCVE-0-2025-8955)
Vulnerability from cvelistv5 – Published: 2025-08-14 09:32 – Updated: 2025-08-14 14:49
VLAI?
Title
PHPGurukul Hospital Management System edit-doctor.php sql injection
Summary
A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
Credits
LitBot (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8955",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T14:31:30.820720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T14:49:17.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LitBot123/mycve/issues/3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LitBot (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Hierbei betrifft es unbekannten Programmcode der Datei /admin/edit-doctor.php. Dank der Manipulation des Arguments docfees mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T09:32:06.607Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319924 | PHPGurukul Hospital Management System edit-doctor.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319924"
},
{
"name": "VDB-319924 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319924"
},
{
"name": "Submit #627832 | PHPGurukul Hospital Management System V4.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.627832"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LitBot123/mycve/issues/3"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-13T16:12:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System edit-doctor.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8955",
"datePublished": "2025-08-14T09:32:06.607Z",
"dateReserved": "2025-08-13T14:07:25.009Z",
"dateUpdated": "2025-08-14T14:49:17.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8954 (GCVE-0-2025-8954)
Vulnerability from cvelistv5 – Published: 2025-08-14 09:02 – Updated: 2025-08-14 14:49
VLAI?
Title
PHPGurukul Hospital Management System doctor-specilization.php sql injection
Summary
A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
Credits
LitBot (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8954",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T13:37:38.999555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T14:49:29.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LitBot123/mycve/issues/2"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LitBot (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Dabei betrifft es einen unbekannter Codeteil der Datei /admin/doctor-specilization.php. Durch Beeinflussen des Arguments doctorspecilization mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T09:02:10.057Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319923 | PHPGurukul Hospital Management System doctor-specilization.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319923"
},
{
"name": "VDB-319923 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319923"
},
{
"name": "Submit #627831 | PHPGurukul Hospital Management System V4.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.627831"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LitBot123/mycve/issues/2"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-13T16:12:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System doctor-specilization.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8954",
"datePublished": "2025-08-14T09:02:10.057Z",
"dateReserved": "2025-08-13T14:07:22.236Z",
"dateUpdated": "2025-08-14T14:49:29.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7604 (GCVE-0-2025-7604)
Vulnerability from cvelistv5 – Published: 2025-07-14 12:32 – Updated: 2025-07-14 13:34
VLAI?
Title
PHPGurukul Hospital Management System user-login.php sql injection
Summary
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7604",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T13:34:15.521178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T13:34:18.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/f1rstb100d/myCVE/issues/143"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Hospital Management System 4.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /user-login.php. Durch das Beeinflussen des Arguments Username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T12:32:06.348Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316303 | PHPGurukul Hospital Management System user-login.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316303"
},
{
"name": "VDB-316303 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316303"
},
{
"name": "Submit #615321 | PHPGurukul Hospital Management System 4.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.615321"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/f1rstb100d/myCVE/issues/143"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-13T16:43:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System user-login.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7604",
"datePublished": "2025-07-14T12:32:06.348Z",
"dateReserved": "2025-07-13T14:38:04.832Z",
"dateUpdated": "2025-07-14T13:34:18.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7176 (GCVE-0-2025-7176)
Vulnerability from cvelistv5 – Published: 2025-07-08 11:32 – Updated: 2025-07-08 20:26
VLAI?
Title
PHPGurukul Hospital Management System view-medhistory.php sql injection
Summary
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view-medhistory.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
1.0
|
Credits
y2xsec (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7176",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T20:19:57.606866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T20:26:04.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "y2xsec (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view-medhistory.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Hospital Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei view-medhistory.php. Durch das Beeinflussen des Arguments viewid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T11:32:07.057Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-315115 | PHPGurukul Hospital Management System view-medhistory.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.315115"
},
{
"name": "VDB-315115 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.315115"
},
{
"name": "Submit #606776 | PHPGurukul Hospital Management System 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.606776"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/y2xsec324/cve/issues/9"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-07T10:01:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System view-medhistory.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7176",
"datePublished": "2025-07-08T11:32:07.057Z",
"dateReserved": "2025-07-07T07:56:10.107Z",
"dateUpdated": "2025-07-08T20:26:04.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6613 (GCVE-0-2025-6613)
Vulnerability from cvelistv5 – Published: 2025-06-25 09:25 – Updated: 2025-06-25 13:40
VLAI?
Title
PHPGurukul Hospital Management System manage-patient.php cross site scripting
Summary
A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
Credits
Subhash Paudel (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6613",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T13:39:31.367066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:40:06.947Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Subhash Paudel (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Hospital Management System 4.0 wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /doctor/manage-patient.php. Dank Manipulation des Arguments Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T09:25:49.562Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-313831 | PHPGurukul Hospital Management System manage-patient.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.313831"
},
{
"name": "VDB-313831 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.313831"
},
{
"name": "Submit #602005 | PHPGurukul Hospital Management System 4.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.602005"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Vanshdhawan188/Stored-XSS-Hospital-Management/blob/main/Stored-XSS-Hospital-Management.md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-25T09:11:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System manage-patient.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6613",
"datePublished": "2025-06-25T09:25:49.562Z",
"dateReserved": "2025-06-25T07:06:22.937Z",
"dateUpdated": "2025-06-25T13:40:06.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6570 (GCVE-0-2025-6570)
Vulnerability from cvelistv5 – Published: 2025-06-24 15:31 – Updated: 2025-06-25 13:41
VLAI?
Title
PHPGurukul Hospital Management System search.php sql injection
Summary
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
Credits
Subhash Paudel (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6570",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T13:41:28.517892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:41:30.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Ant1sec-ops/HMS4.0-Avdisories/blob/main/Union-based-sqli-on-doctor-search/exploit.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Subhash Paudel (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in PHPGurukul Hospital Management System 4.0 entdeckt. Dies betrifft einen unbekannten Teil der Datei /doctor/search.php. Dank der Manipulation des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:31:06.365Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-313742 | PHPGurukul Hospital Management System search.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.313742"
},
{
"name": "VDB-313742 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.313742"
},
{
"name": "Submit #601698 | PHPGurukul Hospital Management System 4.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.601698"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Ant1sec-ops/HMS4.0-Avdisories/blob/main/Union-based-sqli-on-doctor-search/exploit.md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-24T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-24T10:19:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System search.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6570",
"datePublished": "2025-06-24T15:31:06.365Z",
"dateReserved": "2025-06-24T08:14:03.888Z",
"dateUpdated": "2025-06-25T13:41:30.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5584 (GCVE-0-2025-5584)
Vulnerability from cvelistv5 – Published: 2025-06-04 10:00 – Updated: 2025-06-04 13:15
VLAI?
Title
PHPGurukul Hospital Management System POST Parameter edit-patient.php cross site scripting
Summary
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unknown function of the file /doctor/edit-patient.php?editid=2 of the component POST Parameter Handler. The manipulation of the argument patname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
Credits
Subhash Paudel (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5584",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T13:14:49.699145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T13:15:04.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"POST Parameter Handler"
],
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Subhash Paudel (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unknown function of the file /doctor/edit-patient.php?editid=2 of the component POST Parameter Handler. The manipulation of the argument patname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in PHPGurukul Hospital Management System 4.0 ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei /doctor/edit-patient.php?editid=2 der Komponente POST Parameter Handler. Durch Beeinflussen des Arguments patname mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T10:00:20.873Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311046 | PHPGurukul Hospital Management System POST Parameter edit-patient.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.311046"
},
{
"name": "VDB-311046 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311046"
},
{
"name": "Submit #588828 | PHPGurukul Hospital-Management-System 4.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.588828"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Ant1sec-ops/Hospital-management-Systemv4.0-Stored-XSS/blob/main/stored-xss-exploit.md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-03T22:56:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System POST Parameter edit-patient.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5584",
"datePublished": "2025-06-04T10:00:20.873Z",
"dateReserved": "2025-06-03T20:51:50.183Z",
"dateUpdated": "2025-06-04T13:15:04.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10807 (GCVE-0-2024-10807)
Vulnerability from cvelistv5 – Published: 2024-11-05 01:00 – Updated: 2024-11-05 16:14
VLAI?
Title
PHPGurukul Hospital Management System search.php cross site scripting
Summary
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
Credits
secuserx (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hospital_management_system",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10807",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T15:14:08.188189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T16:14:40.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "secuserx (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in PHPGurukul Hospital Management System 4.0 ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei hms/doctor/search.php. Dank Manipulation des Arguments searchdata mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-707",
"description": "Improper Neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T01:00:08.591Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-283031 | PHPGurukul Hospital Management System search.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.283031"
},
{
"name": "VDB-283031 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.283031"
},
{
"name": "Submit #436551 | PHPGurukul Hospital Management System (HMS) 4.0 Improper Neutralization of Alternate XSS Syntax",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.436551"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(search.php).md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-04T18:50:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System search.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10807",
"datePublished": "2024-11-05T01:00:08.591Z",
"dateReserved": "2024-11-04T17:45:05.852Z",
"dateUpdated": "2024-11-05T16:14:40.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10806 (GCVE-0-2024-10806)
Vulnerability from cvelistv5 – Published: 2024-11-05 00:31 – Updated: 2024-11-05 16:21
VLAI?
Title
PHPGurukul Hospital Management System betweendates-detailsreports.php cross site scripting
Summary
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
Credits
secuserx (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hospital_management_system",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10806",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T15:49:49.827446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T16:21:25.380Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "secuserx (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Hospital Management System 4.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei betweendates-detailsreports.php. Dank der Manipulation des Arguments fromdate/todate mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-707",
"description": "Improper Neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T00:31:05.507Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-283030 | PHPGurukul Hospital Management System betweendates-detailsreports.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.283030"
},
{
"name": "VDB-283030 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.283030"
},
{
"name": "Submit #436547 | PHPGuruku Hospital Management System (HMS) 4.0 Improper Neutralization of Alternate XSS Syntax",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.436547"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(betweendates-detailsreports.php).md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-04T18:50:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System betweendates-detailsreports.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10806",
"datePublished": "2024-11-05T00:31:05.507Z",
"dateReserved": "2024-11-04T17:45:03.604Z",
"dateUpdated": "2024-11-05T16:21:25.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0364 (GCVE-0-2024-0364)
Vulnerability from cvelistv5 – Published: 2024-01-10 03:00 – Updated: 2025-06-03 14:28
VLAI?
Title
PHPGurukul Hospital Management System query-details.php sql injection
Summary
A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131.
Severity ?
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
1.0
|
Credits
heishou (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.250131"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.250131"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL11.docx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0364",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:56:14.772661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:28:18.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "heishou (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in PHPGurukul Hospital Management System 1.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei admin/query-details.php. Mit der Manipulation des Arguments adminremark mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T03:00:05.400Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.250131"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.250131"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL11.docx"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T16:12:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System query-details.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0364",
"datePublished": "2024-01-10T03:00:05.400Z",
"dateReserved": "2024-01-09T15:06:28.529Z",
"dateUpdated": "2025-06-03T14:28:18.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0363 (GCVE-0-2024-0363)
Vulnerability from cvelistv5 – Published: 2024-01-10 02:31 – Updated: 2025-04-17 15:50
VLAI?
Title
PHPGurukul Hospital Management System patient-search.php sql injection
Summary
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability.
Severity ?
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
1.0
|
Credits
heishou (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.250130"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.250130"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL10.docx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0363",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T17:26:36.350217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T15:50:22.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "heishou (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in PHPGurukul Hospital Management System 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei admin/patient-search.php. Dank Manipulation des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T02:31:03.318Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.250130"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.250130"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL10.docx"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T16:12:10.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System patient-search.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0363",
"datePublished": "2024-01-10T02:31:03.318Z",
"dateReserved": "2024-01-09T15:06:24.484Z",
"dateUpdated": "2025-04-17T15:50:22.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0362 (GCVE-0-2024-0362)
Vulnerability from cvelistv5 – Published: 2024-01-10 02:00 – Updated: 2025-05-09 18:56
VLAI?
Title
PHPGurukul Hospital Management System change-password.php sql injection
Summary
A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250129 was assigned to this vulnerability.
Severity ?
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
1.0
|
Credits
heishou (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.250129"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.250129"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL8.docx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0362",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T18:55:57.268904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T18:56:10.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "heishou (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250129 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "In PHPGurukul Hospital Management System 1.0 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei admin/change-password.php. Dank der Manipulation des Arguments cpass mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T02:00:06.459Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.250129"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.250129"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL8.docx"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T16:12:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System change-password.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0362",
"datePublished": "2024-01-10T02:00:06.459Z",
"dateReserved": "2024-01-09T15:06:20.207Z",
"dateUpdated": "2025-05-09T18:56:10.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0361 (GCVE-0-2024-0361)
Vulnerability from cvelistv5 – Published: 2024-01-10 02:00 – Updated: 2025-06-17 20:59
VLAI?
Title
PHPGurukul Hospital Management System contact.php sql injection
Summary
A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128.
Severity ?
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
1.0
|
Credits
heishou (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.250128"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.250128"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL7.docx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0361",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T17:31:44.134717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:59:17.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "heishou (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in PHPGurukul Hospital Management System 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei admin/contact.php. Durch Beeinflussen des Arguments mobnum mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T02:00:05.367Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.250128"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.250128"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL7.docx"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T16:11:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System contact.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0361",
"datePublished": "2024-01-10T02:00:05.367Z",
"dateReserved": "2024-01-09T15:06:16.489Z",
"dateUpdated": "2025-06-17T20:59:17.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0360 (GCVE-0-2024-0360)
Vulnerability from cvelistv5 – Published: 2024-01-10 01:31 – Updated: 2024-09-03 20:17
VLAI?
Title
PHPGurukul Hospital Management System edit-doctor-specialization.php sql injection
Summary
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127.
Severity ?
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
1.0
|
Credits
heishou (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.250127"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.250127"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL4.docx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0360",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T20:17:18.449429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T20:17:27.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "heishou (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in PHPGurukul Hospital Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei admin/edit-doctor-specialization.php. Durch das Beeinflussen des Arguments doctorspecilization mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T01:31:05.270Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.250127"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.250127"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL4.docx"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T16:11:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System edit-doctor-specialization.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0360",
"datePublished": "2024-01-10T01:31:05.270Z",
"dateReserved": "2024-01-09T15:06:14.529Z",
"dateUpdated": "2024-09-03T20:17:27.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0286 (GCVE-0-2024-0286)
Vulnerability from cvelistv5 – Published: 2024-01-07 17:31 – Updated: 2025-06-17 20:29
VLAI?
Title
PHPGurukul Hospital Management System Contact Form index.php#contact_us cross site scripting
Summary
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843.
Severity ?
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
1.0
|
Credits
Adarsh C
mallutrojan (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:48.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.249843"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249843"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0286",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-20T23:23:41.878427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:29:15.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Contact Form"
],
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adarsh C"
},
{
"lang": "en",
"type": "analyst",
"value": "mallutrojan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in PHPGurukul Hospital Management System 1.0 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei index.php#contact_us der Komponente Contact Form. Dank der Manipulation des Arguments Name/Email/Message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-07T17:31:04.014Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.249843"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249843"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-06T20:10:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System Contact Form index.php#contact_us cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0286",
"datePublished": "2024-01-07T17:31:04.014Z",
"dateReserved": "2024-01-06T15:42:57.101Z",
"dateUpdated": "2025-06-17T20:29:15.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8955 (GCVE-0-2025-8955)
Vulnerability from nvd – Published: 2025-08-14 09:32 – Updated: 2025-08-14 14:49
VLAI?
Title
PHPGurukul Hospital Management System edit-doctor.php sql injection
Summary
A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
Credits
LitBot (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8955",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T14:31:30.820720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T14:49:17.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LitBot123/mycve/issues/3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LitBot (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Hierbei betrifft es unbekannten Programmcode der Datei /admin/edit-doctor.php. Dank der Manipulation des Arguments docfees mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T09:32:06.607Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319924 | PHPGurukul Hospital Management System edit-doctor.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319924"
},
{
"name": "VDB-319924 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319924"
},
{
"name": "Submit #627832 | PHPGurukul Hospital Management System V4.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.627832"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LitBot123/mycve/issues/3"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-13T16:12:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System edit-doctor.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8955",
"datePublished": "2025-08-14T09:32:06.607Z",
"dateReserved": "2025-08-13T14:07:25.009Z",
"dateUpdated": "2025-08-14T14:49:17.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8954 (GCVE-0-2025-8954)
Vulnerability from nvd – Published: 2025-08-14 09:02 – Updated: 2025-08-14 14:49
VLAI?
Title
PHPGurukul Hospital Management System doctor-specilization.php sql injection
Summary
A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
Credits
LitBot (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8954",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T13:37:38.999555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T14:49:29.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LitBot123/mycve/issues/2"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LitBot (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Dabei betrifft es einen unbekannter Codeteil der Datei /admin/doctor-specilization.php. Durch Beeinflussen des Arguments doctorspecilization mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T09:02:10.057Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319923 | PHPGurukul Hospital Management System doctor-specilization.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319923"
},
{
"name": "VDB-319923 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319923"
},
{
"name": "Submit #627831 | PHPGurukul Hospital Management System V4.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.627831"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LitBot123/mycve/issues/2"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-13T16:12:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System doctor-specilization.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8954",
"datePublished": "2025-08-14T09:02:10.057Z",
"dateReserved": "2025-08-13T14:07:22.236Z",
"dateUpdated": "2025-08-14T14:49:29.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7604 (GCVE-0-2025-7604)
Vulnerability from nvd – Published: 2025-07-14 12:32 – Updated: 2025-07-14 13:34
VLAI?
Title
PHPGurukul Hospital Management System user-login.php sql injection
Summary
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7604",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T13:34:15.521178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T13:34:18.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/f1rstb100d/myCVE/issues/143"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Hospital Management System 4.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /user-login.php. Durch das Beeinflussen des Arguments Username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T12:32:06.348Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316303 | PHPGurukul Hospital Management System user-login.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316303"
},
{
"name": "VDB-316303 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316303"
},
{
"name": "Submit #615321 | PHPGurukul Hospital Management System 4.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.615321"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/f1rstb100d/myCVE/issues/143"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-13T16:43:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System user-login.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7604",
"datePublished": "2025-07-14T12:32:06.348Z",
"dateReserved": "2025-07-13T14:38:04.832Z",
"dateUpdated": "2025-07-14T13:34:18.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7176 (GCVE-0-2025-7176)
Vulnerability from nvd – Published: 2025-07-08 11:32 – Updated: 2025-07-08 20:26
VLAI?
Title
PHPGurukul Hospital Management System view-medhistory.php sql injection
Summary
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view-medhistory.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
1.0
|
Credits
y2xsec (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7176",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T20:19:57.606866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T20:26:04.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "y2xsec (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view-medhistory.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Hospital Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei view-medhistory.php. Durch das Beeinflussen des Arguments viewid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T11:32:07.057Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-315115 | PHPGurukul Hospital Management System view-medhistory.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.315115"
},
{
"name": "VDB-315115 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.315115"
},
{
"name": "Submit #606776 | PHPGurukul Hospital Management System 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.606776"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/y2xsec324/cve/issues/9"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-07T10:01:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System view-medhistory.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7176",
"datePublished": "2025-07-08T11:32:07.057Z",
"dateReserved": "2025-07-07T07:56:10.107Z",
"dateUpdated": "2025-07-08T20:26:04.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6613 (GCVE-0-2025-6613)
Vulnerability from nvd – Published: 2025-06-25 09:25 – Updated: 2025-06-25 13:40
VLAI?
Title
PHPGurukul Hospital Management System manage-patient.php cross site scripting
Summary
A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
Credits
Subhash Paudel (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6613",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T13:39:31.367066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:40:06.947Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Subhash Paudel (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Hospital Management System 4.0 wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /doctor/manage-patient.php. Dank Manipulation des Arguments Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T09:25:49.562Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-313831 | PHPGurukul Hospital Management System manage-patient.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.313831"
},
{
"name": "VDB-313831 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.313831"
},
{
"name": "Submit #602005 | PHPGurukul Hospital Management System 4.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.602005"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Vanshdhawan188/Stored-XSS-Hospital-Management/blob/main/Stored-XSS-Hospital-Management.md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-25T09:11:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System manage-patient.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6613",
"datePublished": "2025-06-25T09:25:49.562Z",
"dateReserved": "2025-06-25T07:06:22.937Z",
"dateUpdated": "2025-06-25T13:40:06.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6570 (GCVE-0-2025-6570)
Vulnerability from nvd – Published: 2025-06-24 15:31 – Updated: 2025-06-25 13:41
VLAI?
Title
PHPGurukul Hospital Management System search.php sql injection
Summary
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
Credits
Subhash Paudel (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6570",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T13:41:28.517892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:41:30.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Ant1sec-ops/HMS4.0-Avdisories/blob/main/Union-based-sqli-on-doctor-search/exploit.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Subhash Paudel (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in PHPGurukul Hospital Management System 4.0 entdeckt. Dies betrifft einen unbekannten Teil der Datei /doctor/search.php. Dank der Manipulation des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:31:06.365Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-313742 | PHPGurukul Hospital Management System search.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.313742"
},
{
"name": "VDB-313742 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.313742"
},
{
"name": "Submit #601698 | PHPGurukul Hospital Management System 4.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.601698"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Ant1sec-ops/HMS4.0-Avdisories/blob/main/Union-based-sqli-on-doctor-search/exploit.md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-24T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-24T10:19:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System search.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6570",
"datePublished": "2025-06-24T15:31:06.365Z",
"dateReserved": "2025-06-24T08:14:03.888Z",
"dateUpdated": "2025-06-25T13:41:30.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5584 (GCVE-0-2025-5584)
Vulnerability from nvd – Published: 2025-06-04 10:00 – Updated: 2025-06-04 13:15
VLAI?
Title
PHPGurukul Hospital Management System POST Parameter edit-patient.php cross site scripting
Summary
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unknown function of the file /doctor/edit-patient.php?editid=2 of the component POST Parameter Handler. The manipulation of the argument patname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
Credits
Subhash Paudel (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5584",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T13:14:49.699145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T13:15:04.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"POST Parameter Handler"
],
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Subhash Paudel (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unknown function of the file /doctor/edit-patient.php?editid=2 of the component POST Parameter Handler. The manipulation of the argument patname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in PHPGurukul Hospital Management System 4.0 ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei /doctor/edit-patient.php?editid=2 der Komponente POST Parameter Handler. Durch Beeinflussen des Arguments patname mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T10:00:20.873Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311046 | PHPGurukul Hospital Management System POST Parameter edit-patient.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.311046"
},
{
"name": "VDB-311046 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311046"
},
{
"name": "Submit #588828 | PHPGurukul Hospital-Management-System 4.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.588828"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Ant1sec-ops/Hospital-management-Systemv4.0-Stored-XSS/blob/main/stored-xss-exploit.md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-03T22:56:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System POST Parameter edit-patient.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5584",
"datePublished": "2025-06-04T10:00:20.873Z",
"dateReserved": "2025-06-03T20:51:50.183Z",
"dateUpdated": "2025-06-04T13:15:04.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10807 (GCVE-0-2024-10807)
Vulnerability from nvd – Published: 2024-11-05 01:00 – Updated: 2024-11-05 16:14
VLAI?
Title
PHPGurukul Hospital Management System search.php cross site scripting
Summary
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
Credits
secuserx (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hospital_management_system",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10807",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T15:14:08.188189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T16:14:40.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "secuserx (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in PHPGurukul Hospital Management System 4.0 ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei hms/doctor/search.php. Dank Manipulation des Arguments searchdata mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-707",
"description": "Improper Neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T01:00:08.591Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-283031 | PHPGurukul Hospital Management System search.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.283031"
},
{
"name": "VDB-283031 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.283031"
},
{
"name": "Submit #436551 | PHPGurukul Hospital Management System (HMS) 4.0 Improper Neutralization of Alternate XSS Syntax",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.436551"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(search.php).md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-04T18:50:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System search.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10807",
"datePublished": "2024-11-05T01:00:08.591Z",
"dateReserved": "2024-11-04T17:45:05.852Z",
"dateUpdated": "2024-11-05T16:14:40.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10806 (GCVE-0-2024-10806)
Vulnerability from nvd – Published: 2024-11-05 00:31 – Updated: 2024-11-05 16:21
VLAI?
Title
PHPGurukul Hospital Management System betweendates-detailsreports.php cross site scripting
Summary
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
4.0
|
Credits
secuserx (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hospital_management_system",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10806",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T15:49:49.827446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T16:21:25.380Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "secuserx (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Hospital Management System 4.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei betweendates-detailsreports.php. Dank der Manipulation des Arguments fromdate/todate mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-707",
"description": "Improper Neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T00:31:05.507Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-283030 | PHPGurukul Hospital Management System betweendates-detailsreports.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.283030"
},
{
"name": "VDB-283030 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.283030"
},
{
"name": "Submit #436547 | PHPGuruku Hospital Management System (HMS) 4.0 Improper Neutralization of Alternate XSS Syntax",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.436547"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(betweendates-detailsreports.php).md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-04T18:50:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System betweendates-detailsreports.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10806",
"datePublished": "2024-11-05T00:31:05.507Z",
"dateReserved": "2024-11-04T17:45:03.604Z",
"dateUpdated": "2024-11-05T16:21:25.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0364 (GCVE-0-2024-0364)
Vulnerability from nvd – Published: 2024-01-10 03:00 – Updated: 2025-06-03 14:28
VLAI?
Title
PHPGurukul Hospital Management System query-details.php sql injection
Summary
A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131.
Severity ?
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
1.0
|
Credits
heishou (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.250131"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.250131"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL11.docx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0364",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:56:14.772661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:28:18.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "heishou (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in PHPGurukul Hospital Management System 1.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei admin/query-details.php. Mit der Manipulation des Arguments adminremark mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T03:00:05.400Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.250131"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.250131"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL11.docx"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T16:12:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System query-details.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0364",
"datePublished": "2024-01-10T03:00:05.400Z",
"dateReserved": "2024-01-09T15:06:28.529Z",
"dateUpdated": "2025-06-03T14:28:18.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0363 (GCVE-0-2024-0363)
Vulnerability from nvd – Published: 2024-01-10 02:31 – Updated: 2025-04-17 15:50
VLAI?
Title
PHPGurukul Hospital Management System patient-search.php sql injection
Summary
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability.
Severity ?
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
1.0
|
Credits
heishou (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.250130"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.250130"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL10.docx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0363",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T17:26:36.350217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T15:50:22.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "heishou (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in PHPGurukul Hospital Management System 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei admin/patient-search.php. Dank Manipulation des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T02:31:03.318Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.250130"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.250130"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL10.docx"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T16:12:10.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System patient-search.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0363",
"datePublished": "2024-01-10T02:31:03.318Z",
"dateReserved": "2024-01-09T15:06:24.484Z",
"dateUpdated": "2025-04-17T15:50:22.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0362 (GCVE-0-2024-0362)
Vulnerability from nvd – Published: 2024-01-10 02:00 – Updated: 2025-05-09 18:56
VLAI?
Title
PHPGurukul Hospital Management System change-password.php sql injection
Summary
A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250129 was assigned to this vulnerability.
Severity ?
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
1.0
|
Credits
heishou (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.250129"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.250129"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL8.docx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0362",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T18:55:57.268904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T18:56:10.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "heishou (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250129 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "In PHPGurukul Hospital Management System 1.0 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei admin/change-password.php. Dank der Manipulation des Arguments cpass mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T02:00:06.459Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.250129"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.250129"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL8.docx"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T16:12:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System change-password.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0362",
"datePublished": "2024-01-10T02:00:06.459Z",
"dateReserved": "2024-01-09T15:06:20.207Z",
"dateUpdated": "2025-05-09T18:56:10.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0361 (GCVE-0-2024-0361)
Vulnerability from nvd – Published: 2024-01-10 02:00 – Updated: 2025-06-17 20:59
VLAI?
Title
PHPGurukul Hospital Management System contact.php sql injection
Summary
A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128.
Severity ?
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
1.0
|
Credits
heishou (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.250128"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.250128"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL7.docx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0361",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T17:31:44.134717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:59:17.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "heishou (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in PHPGurukul Hospital Management System 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei admin/contact.php. Durch Beeinflussen des Arguments mobnum mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T02:00:05.367Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.250128"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.250128"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL7.docx"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T16:11:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System contact.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0361",
"datePublished": "2024-01-10T02:00:05.367Z",
"dateReserved": "2024-01-09T15:06:16.489Z",
"dateUpdated": "2025-06-17T20:59:17.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0360 (GCVE-0-2024-0360)
Vulnerability from nvd – Published: 2024-01-10 01:31 – Updated: 2024-09-03 20:17
VLAI?
Title
PHPGurukul Hospital Management System edit-doctor-specialization.php sql injection
Summary
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127.
Severity ?
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
1.0
|
Credits
heishou (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.250127"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.250127"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL4.docx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0360",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T20:17:18.449429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T20:17:27.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "heishou (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in PHPGurukul Hospital Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei admin/edit-doctor-specialization.php. Durch das Beeinflussen des Arguments doctorspecilization mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T01:31:05.270Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.250127"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.250127"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL4.docx"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T16:11:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System edit-doctor-specialization.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0360",
"datePublished": "2024-01-10T01:31:05.270Z",
"dateReserved": "2024-01-09T15:06:14.529Z",
"dateUpdated": "2024-09-03T20:17:27.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0286 (GCVE-0-2024-0286)
Vulnerability from nvd – Published: 2024-01-07 17:31 – Updated: 2025-06-17 20:29
VLAI?
Title
PHPGurukul Hospital Management System Contact Form index.php#contact_us cross site scripting
Summary
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843.
Severity ?
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Hospital Management System |
Affected:
1.0
|
Credits
Adarsh C
mallutrojan (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:48.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.249843"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249843"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0286",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-20T23:23:41.878427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:29:15.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Contact Form"
],
"product": "Hospital Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adarsh C"
},
{
"lang": "en",
"type": "analyst",
"value": "mallutrojan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in PHPGurukul Hospital Management System 1.0 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei index.php#contact_us der Komponente Contact Form. Dank der Manipulation des Arguments Name/Email/Message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-07T17:31:04.014Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.249843"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249843"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-06T20:10:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Hospital Management System Contact Form index.php#contact_us cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0286",
"datePublished": "2024-01-07T17:31:04.014Z",
"dateReserved": "2024-01-06T15:42:57.101Z",
"dateUpdated": "2025-06-17T20:29:15.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}