GCVE - cpe:2.3:a:codeastro:hospital_management

Approved changes feed: RSS · Atom

cpe:2.3:a:codeastro:hospital_management_system:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Codeastro (`f92dc1fe-f2d7-58ad-92b0-40a98a9042be`)
Product	Hospital Management System (`87afecfb-7eb0-570d-ac7a-d489cb23f37a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-11678`	vulnerable	2026-06-03 14:54:14.656790	CodeAstro Hospital Management System his_doc_register_patient.php cross site scripting LOW (3.5) A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Published: 2024-11-26T01:31:04.638Z Updated: 2024-11-26T15:26:13.327Z Open on db.gcve.eu Reference links https://vuldb.com/?id.286018 https://vuldb.com/?ctiid.286018 https://vuldb.com/?submit.448789 https://github.com/EmilGallajov/zero-day/blob/main/codeastro_hms_stored_xss.md https://codeastro.com/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11677`	vulnerable	2026-06-03 14:54:14.656235	CodeAstro Hospital Management System Add Vendor Details Page his_admin_add_vendor.php cross site scripting LOW (3.5) A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument v_name/v_adr/v_number/v_email/v_phone/v_desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Published: 2024-11-26T01:00:20.559Z Updated: 2024-11-26T15:27:08.144Z Open on db.gcve.eu Reference links https://vuldb.com/?id.286017 https://vuldb.com/?ctiid.286017 https://github.com/EmilGallajov/zero-day/blob/main/codeastro_hms_stored_xss.md https://www.youtube.com/watch?v=UsScmd8Xzuw https://codeastro.com/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11676`	vulnerable	2026-06-03 14:54:14.655547	CodeAstro Hospital Management System Add Laboratory Equipment Page his_admin_add_lab_equipment.php cross site scripting LOW (3.5) A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/eqp_qty leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Published: 2024-11-26T00:31:04.233Z Updated: 2024-11-26T15:33:07.591Z Open on db.gcve.eu Reference links https://vuldb.com/?id.286016 https://vuldb.com/?ctiid.286016 https://github.com/EmilGallajov/zero-day/blob/main/codeastro_hms_stored_xss.md https://www.youtube.com/watch?v=UsScmd8Xzuw https://codeastro.com/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11675`	vulnerable	2026-06-03 14:54:14.653772	CodeAstro Hospital Management System Add Patient Details Page his_admin_register_patient.php cross site scripting LOW (3.5) A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Published: 2024-11-26T00:00:14.822Z Updated: 2024-11-26T15:33:47.856Z Open on db.gcve.eu Reference links https://vuldb.com/?id.286015 https://vuldb.com/?ctiid.286015 https://github.com/EmilGallajov/zero-day/blob/main/codeastro_hms_stored_xss.md https://www.youtube.com/watch?v=UsScmd8Xzuw https://codeastro.com/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11674`	vulnerable	2026-06-03 14:54:14.652411	CodeAstro Hospital Management System his_doc_update-account.php unrestricted upload MEDIUM (6.3) A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Affected is an unknown function of the file /backend/doc/his_doc_update-account.php. The manipulation of the argument doc_dpic leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Published: 2024-11-25T23:31:05.332Z Updated: 2024-11-26T15:35:38.853Z Open on db.gcve.eu Reference links https://vuldb.com/?id.286014 https://vuldb.com/?ctiid.286014 https://vuldb.com/?submit.448705 https://github.com/EmilGallajov/zero-day/blob/main/codeastro_hms_rce.md https://codeastro.com/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Hospital Management System

PURL mappings

Vulnerability references

Contribute