Aggregates CVE and security vulnerability intelligence across all kishan0725-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection, vendor risk cross-site scripting, and vendor risk csrf and related problems; some flaws may lead to vendor impact data exposure and vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-63514 | kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email parameter. | [email protected] | 6.1 | 0.16% | 2025-11-18 | 2026-06-17 |
| CVE-2025-63513 | kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functionality. | [email protected] | 6.5 | 0.23% | 2025-11-18 | 2026-06-17 |
| CVE-2025-63512 | kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor logic. The application fails to properly sanitize or parameterize user-supplied input from the demail parameter before incorporating it directly into a dynamic SQL query. | [email protected] | 6.5 | 0.20% | 2025-11-18 | 2026-06-17 |
| CVE-2023-41532 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php. | [email protected] | 8.8 | 0.28% | 2025-08-07 | 2026-06-17 |
| CVE-2023-41531 | Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters. | [email protected] | 8.8 | 0.28% | 2025-08-07 | 2026-06-17 |
| CVE-2023-41530 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. | [email protected] | 9.8 | 0.33% | 2025-08-07 | 2026-06-17 |
| CVE-2023-41529 | Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters. | [email protected] | 6.1 | 0.17% | 2025-08-07 | 2026-06-17 |
| CVE-2023-41528 | Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters. | [email protected] | 9.8 | 0.33% | 2025-08-07 | 2026-06-17 |
| CVE-2023-41527 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php. | [email protected] | 9.8 | 0.33% | 2025-08-07 | 2026-06-17 |
| CVE-2023-41526 | Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters. | [email protected] | 9.8 | 0.33% | 2025-08-07 | 2026-06-17 |
| CVE-2023-41525 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. | [email protected] | 9.8 | 0.33% | 2025-08-07 | 2026-06-17 |
| CVE-2023-40992 | Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter. | [email protected] | 6.5 | 0.18% | 2025-08-07 | 2026-06-17 |
| CVE-2023-43958 | An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code. | [email protected] | 9.8 | 0.98% | 2025-04-22 | 2026-06-17 |
| CVE-2024-45983 | A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an authenticated admin user to visit the specially crafted web page, the attacker can leverage the victim's browser to make unauthorized requests to the vulnerable endpoint, effectively allowing the attacker to perform actions on behalf of the admin witho | [email protected] | 6.3 | 0.14% | 2024-09-26 | 2026-06-17 |