CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-18705

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile1.63th
Published2018年10月29日
Last Modified2024年11月21日

Vulnerability Description

PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php.

Affected Platforms (CPE)

📦
Phptpoint

Hospital Management System

= 1.0

References & Advisories

🔗 https://packetstormsecurity.com/files/149942/PHPTPoint-Hospital-Management-System-1-SQL-Injection.html
🔗 https://packetstormsecurity.com/files/149942/PHPTPoint-Hospital-Management-System-1-SQL-Injection.html

関連する脆弱性情報

CVE-2021-387549.8

SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.

CVE-2020-266299.8

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauth...

CVE-2018-173939.8

SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/...

CVE-2021-436289.8

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.