CVE-2022-38637

CRITICAL NUCLEI

Hospital Management System v1.0 - SQL Injection

Title source: llm

Description

Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.

Nuclei Templates (1)

Hospital Management System 1.0 - SQL Injection

CRITICALVERIFIEDby arafatansari

Shodan: http.html:"Hospital Management System" || http.html:"hospital management system"

FOFA: body="hospital management system"

References (2)

[Third Party Advisory] https://owasp.org/www-community/attacks/SQL_Injection

[Exploit, Third Party Advisory] https://www.youtube.com/watch?v=m8nW0p69UHU

Scores

CVSS v3 9.8

EPSS 0.3141

EPSS Percentile 96.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

hospital_management_system_project/hospital_management_system 1.0

Published Sep 13, 2022

Tracked Since Feb 18, 2026