CVEブラウザに戻る

CVE-2021-38754

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0260%

EPSS Percentile9.68th

Published2021年8月16日

Last Modified2024年11月21日

Vulnerability Description

SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.

Affected Platforms (CPE)

📦

Hospital Management System Project

Hospital Management System

All versions

References & Advisories

🔗 https://github.com/kishan0725/Hospital-Management-System/issues/7

🔗 https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38754

🔗 https://streamable.com/y9qy4m

🔗 https://github.com/kishan0725/Hospital-Management-System/issues/7

🔗 https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38754

🔗 https://streamable.com/y9qy4m

関連する脆弱性情報

CVE-2020-266299.8

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauth...

CVE-2021-436289.8

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.

CVE-2018-173939.8

SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/...

CVE-2021-436299.8

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php.