CyberSec.Space Logo
Back to CVE Browser

CVE-2018-18705

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile1.63th
PublishedOct 29, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php.

Affected Platforms (CPE)

📦
Phptpoint

Hospital Management System

= 1.0

References & Advisories

🔗 https://packetstormsecurity.com/files/149942/PHPTPoint-Hospital-Management-System-1-SQL-Injection.html
🔗 https://packetstormsecurity.com/files/149942/PHPTPoint-Hospital-Management-System-1-SQL-Injection.html

Related Vulnerabilities

CVE-2021-387549.8

SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.

CVE-2020-266299.8

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauth...

CVE-2018-173939.8

SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/...

CVE-2021-436289.8

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.