CyberSec.Space Logo
Back to CVE Browser

CVE-2020-26629

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1210%
EPSS Percentile6.49th
PublishedJan 10, 2024
Last ModifiedMay 9, 2025

Vulnerability Description

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.

Affected Platforms (CPE)

📦
Phpgurukul

Hospital Management System

= 4.0

References & Advisories

🔗 https://packetstormsecurity.com/files/176302/Hospital-Management-System-4.0-XSS-Shell-Upload-SQL-Injection.html
🔗 https://packetstormsecurity.com/files/176302/Hospital-Management-System-4.0-XSS-Shell-Upload-SQL-Injection.html

Related Vulnerabilities

CVE-2021-387549.8

SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.

CVE-2021-436289.8

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.

CVE-2018-173939.8

SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/...

CVE-2021-436299.8

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php.