CVE-2020-22170: SQL Injection
First published: Tue Jun 22 2021(Updated: )
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHPGurukul Hospital Management System in PHP | =4.0 | |
| PHPGURUKUL Hospital Management System | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-22170?
The severity of CVE-2020-22170 is high with a CVSS score of 7.5.
How can remote unauthenticated users exploit CVE-2020-22170?
Remote unauthenticated users can exploit CVE-2020-22170 by exploiting the SQL injection vulnerability in \hms\get_doctor.php to obtain database sensitive information.
What is the affected version of PHPGurukul Hospital Management System in PHP?
The affected version of PHPGurukul Hospital Management System in PHP is version 4.0.
Is there a fix available for CVE-2020-22170?
Yes, there is a fix available for CVE-2020-22170. Please refer to the provided reference link for more information on the fix.
What is the CWE ID of CVE-2020-22170?
The CWE ID of CVE-2020-22170 is 89.
- collector/nvd-index
- collector/nvd-api
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/phpgurukul
- canonical/phpgurukul hospital management system in php
- version/phpgurukul hospital management system in php/4.0
- canonical/phpgurukul hospital management system
- version/phpgurukul hospital management system/4.0