Search
Find a vulnerability
Search criteria
14 vulnerabilities found for hospital_management_system_in_php by projectworlds
CVE-2023-5053 (GCVE-0-2023-5053)
Vulnerability from nvd – Published: 2023-09-28 20:43 – Updated: 2024-09-23 18:09
VLAI
EPSS
VEX
Title
SQL Injection in hospital-management-system-in-php 378c157 in index.php
Summary
Hospital management system version 378c157 allows to bypass authentication.
This is possible because the application is vulnerable to SQLI.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| hospital-management-system | hospital-management-system |
Affected:
378c157
|
|
| projectworlds | hospital_management_system_in_php |
Affected:
2018-06-17
cpe:2.3:a:projectworlds:hospital_management_system_in_php:2018-06-17:*:*:*:*:*:*:* |
Date Public
2023-09-28 20:42
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/shierro"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:projectworlds:hospital_management_system_in_php:2018-06-17:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "hospital_management_system_in_php",
"vendor": "projectworlds",
"versions": [
{
"status": "affected",
"version": "2018-06-17"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5053",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:08:11.919074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T18:09:12.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "hospital-management-system",
"vendor": "hospital-management-system",
"versions": [
{
"status": "affected",
"version": "378c157"
}
]
}
],
"datePublic": "2023-09-28T20:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eHospital management system version 378c157 allows to bypass authentication.\u003c/div\u003e\u003cdiv\u003eThis is possible because the application is vulnerable to SQLI.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Hospital management system version 378c157 allows to bypass authentication.\n\nThis is possible because the application is vulnerable to SQLI.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T15:50:00.710Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"url": "https://fluidattacks.com/advisories/shierro"
},
{
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL Injection in hospital-management-system-in-php 378c157 in index.php",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2023-5053",
"datePublished": "2023-09-28T20:43:41.655Z",
"dateReserved": "2023-09-18T14:32:37.483Z",
"dateUpdated": "2024-09-23T18:09:12.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5004 (GCVE-0-2023-5004)
Vulnerability from nvd – Published: 2023-09-28 20:40 – Updated: 2024-09-23 18:10
VLAI
EPSS
VEX
Title
Hospital-management-system-in-php 378c157 - Blind SQL Injection
Summary
Hospital management system version 378c157 allows to bypass authentication.
This is possible because the application is vulnerable to SQLI.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hospital-management-system | Hospital-management-system |
Affected:
378c157
|
|
| projectworlds | hospital_management_system_in_php |
Affected:
2018-06-17
cpe:2.3:a:projectworlds:hospital_management_system_in_php:2018-06-17:*:*:*:*:*:*:* |
Date Public
2023-09-28 20:37
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/alcocer"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:projectworlds:hospital_management_system_in_php:2018-06-17:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "hospital_management_system_in_php",
"vendor": "projectworlds",
"versions": [
{
"status": "affected",
"version": "2018-06-17"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5004",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:09:46.896430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T18:10:20.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hospital-management-system",
"vendor": "Hospital-management-system",
"versions": [
{
"status": "affected",
"version": "378c157"
}
]
}
],
"datePublic": "2023-09-28T20:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eHospital management system version 378c157 allows to bypass authentication.\u003c/div\u003e\u003cdiv\u003eThis is possible because the application is vulnerable to SQLI.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Hospital management system version 378c157 allows to bypass authentication.\n\nThis is possible because the application is vulnerable to SQLI.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-7 Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-28T20:40:58.591Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"url": "https://fluidattacks.com/advisories/alcocer"
},
{
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hospital-management-system-in-php 378c157 - Blind SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2023-5004",
"datePublished": "2023-09-28T20:40:58.591Z",
"dateReserved": "2023-09-15T20:23:52.160Z",
"dateUpdated": "2024-09-23T18:10:20.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45852 (GCVE-0-2021-45852)
Vulnerability from nvd – Published: 2022-03-16 09:37 – Updated: 2024-08-04 04:54
VLAI
EPSS
VEX
Summary
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/projectworldsofficial/hospital… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:31.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T09:37:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/6",
"refsource": "MISC",
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45852",
"datePublished": "2022-03-16T09:37:31.000Z",
"dateReserved": "2021-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:54:31.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43631 (GCVE-0-2021-43631)
Vulnerability from nvd – Published: 2021-12-22 17:20 – Updated: 2024-08-04 04:03
VLAI
EPSS
VEX
Summary
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://projectworlds.in/free-projects/php-projec… | x_refsource_MISC |
| https://github.com/projectworldsofficial/hospital… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-22T17:20:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/",
"refsource": "MISC",
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"name": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/5",
"refsource": "MISC",
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43631",
"datePublished": "2021-12-22T17:20:07.000Z",
"dateReserved": "2021-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:03:08.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43630 (GCVE-0-2021-43630)
Vulnerability from nvd – Published: 2021-12-22 17:19 – Updated: 2024-08-04 04:03
VLAI
EPSS
VEX
Summary
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://projectworlds.in/free-projects/php-projec… | x_refsource_MISC |
| https://github.com/projectworldsofficial/hospital… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-22T17:19:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/",
"refsource": "MISC",
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"name": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/4",
"refsource": "MISC",
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43630",
"datePublished": "2021-12-22T17:19:15.000Z",
"dateReserved": "2021-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:03:08.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43629 (GCVE-0-2021-43629)
Vulnerability from nvd – Published: 2021-12-22 17:18 – Updated: 2024-08-04 04:03
VLAI
EPSS
VEX
Summary
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://projectworlds.in/free-projects/php-projec… | x_refsource_MISC |
| https://github.com/projectworldsofficial/hospital… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-22T17:18:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/",
"refsource": "MISC",
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"name": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/3",
"refsource": "MISC",
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43629",
"datePublished": "2021-12-22T17:18:32.000Z",
"dateReserved": "2021-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:03:08.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43628 (GCVE-0-2021-43628)
Vulnerability from nvd – Published: 2021-12-22 17:17 – Updated: 2024-08-04 04:03
VLAI
EPSS
VEX
Summary
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/projectworldsofficial/hospital… | x_refsource_MISC |
| https://projectworlds.in/free-projects/php-projec… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-22T17:17:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/2",
"refsource": "MISC",
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/2"
},
{
"name": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/",
"refsource": "MISC",
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43628",
"datePublished": "2021-12-22T17:17:09.000Z",
"dateReserved": "2021-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:03:08.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5053 (GCVE-0-2023-5053)
Vulnerability from cvelistv5 – Published: 2023-09-28 20:43 – Updated: 2024-09-23 18:09
VLAI
EPSS
VEX
Title
SQL Injection in hospital-management-system-in-php 378c157 in index.php
Summary
Hospital management system version 378c157 allows to bypass authentication.
This is possible because the application is vulnerable to SQLI.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| hospital-management-system | hospital-management-system |
Affected:
378c157
|
|
| projectworlds | hospital_management_system_in_php |
Affected:
2018-06-17
cpe:2.3:a:projectworlds:hospital_management_system_in_php:2018-06-17:*:*:*:*:*:*:* |
Date Public
2023-09-28 20:42
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/shierro"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:projectworlds:hospital_management_system_in_php:2018-06-17:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "hospital_management_system_in_php",
"vendor": "projectworlds",
"versions": [
{
"status": "affected",
"version": "2018-06-17"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5053",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:08:11.919074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T18:09:12.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "hospital-management-system",
"vendor": "hospital-management-system",
"versions": [
{
"status": "affected",
"version": "378c157"
}
]
}
],
"datePublic": "2023-09-28T20:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eHospital management system version 378c157 allows to bypass authentication.\u003c/div\u003e\u003cdiv\u003eThis is possible because the application is vulnerable to SQLI.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Hospital management system version 378c157 allows to bypass authentication.\n\nThis is possible because the application is vulnerable to SQLI.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T15:50:00.710Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"url": "https://fluidattacks.com/advisories/shierro"
},
{
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL Injection in hospital-management-system-in-php 378c157 in index.php",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2023-5053",
"datePublished": "2023-09-28T20:43:41.655Z",
"dateReserved": "2023-09-18T14:32:37.483Z",
"dateUpdated": "2024-09-23T18:09:12.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5004 (GCVE-0-2023-5004)
Vulnerability from cvelistv5 – Published: 2023-09-28 20:40 – Updated: 2024-09-23 18:10
VLAI
EPSS
VEX
Title
Hospital-management-system-in-php 378c157 - Blind SQL Injection
Summary
Hospital management system version 378c157 allows to bypass authentication.
This is possible because the application is vulnerable to SQLI.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hospital-management-system | Hospital-management-system |
Affected:
378c157
|
|
| projectworlds | hospital_management_system_in_php |
Affected:
2018-06-17
cpe:2.3:a:projectworlds:hospital_management_system_in_php:2018-06-17:*:*:*:*:*:*:* |
Date Public
2023-09-28 20:37
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/alcocer"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:projectworlds:hospital_management_system_in_php:2018-06-17:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "hospital_management_system_in_php",
"vendor": "projectworlds",
"versions": [
{
"status": "affected",
"version": "2018-06-17"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5004",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:09:46.896430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T18:10:20.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hospital-management-system",
"vendor": "Hospital-management-system",
"versions": [
{
"status": "affected",
"version": "378c157"
}
]
}
],
"datePublic": "2023-09-28T20:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eHospital management system version 378c157 allows to bypass authentication.\u003c/div\u003e\u003cdiv\u003eThis is possible because the application is vulnerable to SQLI.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Hospital management system version 378c157 allows to bypass authentication.\n\nThis is possible because the application is vulnerable to SQLI.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-7 Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-28T20:40:58.591Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"url": "https://fluidattacks.com/advisories/alcocer"
},
{
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hospital-management-system-in-php 378c157 - Blind SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2023-5004",
"datePublished": "2023-09-28T20:40:58.591Z",
"dateReserved": "2023-09-15T20:23:52.160Z",
"dateUpdated": "2024-09-23T18:10:20.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45852 (GCVE-0-2021-45852)
Vulnerability from cvelistv5 – Published: 2022-03-16 09:37 – Updated: 2024-08-04 04:54
VLAI
EPSS
VEX
Summary
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/projectworldsofficial/hospital… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:31.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T09:37:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/6",
"refsource": "MISC",
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45852",
"datePublished": "2022-03-16T09:37:31.000Z",
"dateReserved": "2021-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:54:31.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43631 (GCVE-0-2021-43631)
Vulnerability from cvelistv5 – Published: 2021-12-22 17:20 – Updated: 2024-08-04 04:03
VLAI
EPSS
VEX
Summary
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://projectworlds.in/free-projects/php-projec… | x_refsource_MISC |
| https://github.com/projectworldsofficial/hospital… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-22T17:20:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/",
"refsource": "MISC",
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"name": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/5",
"refsource": "MISC",
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43631",
"datePublished": "2021-12-22T17:20:07.000Z",
"dateReserved": "2021-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:03:08.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43630 (GCVE-0-2021-43630)
Vulnerability from cvelistv5 – Published: 2021-12-22 17:19 – Updated: 2024-08-04 04:03
VLAI
EPSS
VEX
Summary
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://projectworlds.in/free-projects/php-projec… | x_refsource_MISC |
| https://github.com/projectworldsofficial/hospital… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-22T17:19:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/",
"refsource": "MISC",
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"name": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/4",
"refsource": "MISC",
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43630",
"datePublished": "2021-12-22T17:19:15.000Z",
"dateReserved": "2021-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:03:08.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43629 (GCVE-0-2021-43629)
Vulnerability from cvelistv5 – Published: 2021-12-22 17:18 – Updated: 2024-08-04 04:03
VLAI
EPSS
VEX
Summary
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://projectworlds.in/free-projects/php-projec… | x_refsource_MISC |
| https://github.com/projectworldsofficial/hospital… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-22T17:18:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/",
"refsource": "MISC",
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
},
{
"name": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/3",
"refsource": "MISC",
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43629",
"datePublished": "2021-12-22T17:18:32.000Z",
"dateReserved": "2021-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:03:08.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43628 (GCVE-0-2021-43628)
Vulnerability from cvelistv5 – Published: 2021-12-22 17:17 – Updated: 2024-08-04 04:03
VLAI
EPSS
VEX
Summary
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/projectworldsofficial/hospital… | x_refsource_MISC |
| https://projectworlds.in/free-projects/php-projec… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-22T17:17:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/2",
"refsource": "MISC",
"url": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/2"
},
{
"name": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/",
"refsource": "MISC",
"url": "https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43628",
"datePublished": "2021-12-22T17:17:09.000Z",
"dateReserved": "2021-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:03:08.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}