CVE-2022-38637
CRITICAL NUCLEIHospital Management System v1.0 - SQL Injection
Title source: llmExploitation Summary
CVE-2022-38637 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.
Nuclei Templates (1)
Hospital Management System 1.0 - SQL Injection
CRITICALVERIFIEDby arafatansari
Shodan:
http.html:"Hospital Management System" || http.html:"hospital management system"
FOFA:
body="hospital management system"
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://owasp.org/www-community/attacks/SQL_Injection
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=m8nW0p69UHU
Scores
CVSS v3
9.8
EPSS
0.0443
EPSS Percentile
90.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
hospital_management_system_project/hospital_management_system
1.0
Published
Sep 13, 2022
Tracked Since
Feb 18, 2026