Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
kishan0725
114019.6%CRITICAL

Related CVEs

14
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-63514kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email parameter.MEDIUM6.16.5%Nov 18, 2025
CVE-2025-63513kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functionality.MEDIUM6.514.3%Nov 18, 2025
CVE-2025-63512kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor logic. The application fails to properly sanitize or parameterize user-supplied input from the demail parameter before incorporating it directly into a dynamic SQL query.MEDIUM6.511.0%Nov 18, 2025
CVE-2023-41532Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php.HIGH8.819.9%Aug 7, 2025
CVE-2023-41531Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters.HIGH8.819.9%Aug 7, 2025
CVE-2023-41530Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.CRITICAL9.824.5%Aug 7, 2025
CVE-2023-41529Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters.MEDIUM6.18.6%Aug 7, 2025
CVE-2023-41528Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.CRITICAL9.824.5%Aug 7, 2025
CVE-2023-41527Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.CRITICAL9.824.5%Aug 7, 2025
CVE-2023-41526Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.CRITICAL9.824.5%Aug 7, 2025
CVE-2023-41525Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.CRITICAL9.824.5%Aug 7, 2025
CVE-2023-40992Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter.MEDIUM6.510.5%Aug 7, 2025
CVE-2023-43958An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code.CRITICAL9.857.9%Apr 22, 2025
CVE-2024-45983A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an authenticated admin user to visit the specially crafted web page, the attacker can leverage the victim's browser to make unauthorized requests to the vulnerable endpoint, effectively allowing the attacker to perform actions on behalf of the admin without their consent.MEDIUM6.33.3%Sep 26, 2024