Hospital management system
This hub aggregates every CVE we track for Hospital management system, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
167
CVEs tracked
39
Critical
52
High
0
In CISA KEV
Severity distribution
MEDIUM63HIGH52CRITICAL39LOW13
Monthly trend
1
0
4
7
9
4
3
0
2
2
8
7
2
16
1
1
4
0
1
5
0
1
0
3
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Hospital management system.
- CVE-2026-11514itsourcecode Hospital Management System addpatient.php sql injection6.3
- CVE-2026-11513itsourcecode Hospital Management System adminaccount.php sql injection6.3
- CVE-2026-11512itsourcecode Hospital Management System billing.php cross site scripting4.3
- CVE-2026-6602rickxy Hospital Management System his_admin_account.php unrestricted upload7.3
- CVE-2025-70063The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'vie...6.5
- CVE-2025-70064PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., ...8.8
- CVE-2025-70062PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-d...6.5
- CVE-2026-2179PHPGurukul Hospital Management System manage-users.php sql injection4.7
- CVE-2026-2134PHPGurukul Hospital Management System manage-doctors.php sql injection4.7
- CVE-2026-1550PHPGurukul Hospital Management System Admin Dashboard adminviews.py improper authorization6.3
- CVE-2025-63513kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functionality.6.5
- CVE-2025-63512kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor logic. The application fails to properly sanitize or parameterize u...6.5
- CVE-2025-63514kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email parameter.6.1
- CVE-2025-63497The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. The pat_number GET parame...7.1
- CVE-2025-11609code-projects Hospital Management System express-session hard-coded key3.7
Product normalization is registry-driven with AI assist and human review. How it works