Unknown · Exponent Cms · CVE-2021-38751
**Name of the Vulnerable Software and Affected Versions**
ExponentCMS versions 2.6 and below
**Description**
An HTTP Host header attack exists in ExponentCMS: the application builds links on the webpage from the client-supplied Host header, so a modified header changes those links to an arbitrary value. This gives a possible attack vector for Man-in-the-Middle (MITM) attacks. The issue stems from the lack of an output encoding or escaping mechanism for the header value, which a remote attacker can exploit to impact the integrity of protected information simply by modifying the HTTP Host header.
**Recommendations**
For ExponentCMS versions 2.6 and below, consider disabling access to the /exponent_constants.php file until a patch is available. As a temporary workaround, reject requests whose Host header does not match the site's expected hostname, so a modified header cannot reach the link-building code and the risk of exploitation is minimized. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
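To make the mechanics concrete, the following is an added Python model of the link-building pattern the advisory describes, with the header-trusting form beside an allowlist-checked one. It is illustrative code written for this page, not ExponentCMS's own PHP; the hostnames and the `ALLOWED_HOSTS` setting are constructed assumptions.

```python
"""Model of a Host-header-driven link bug and its hardened counterpart (added example)."""
import re
from typing import Optional
from urllib.parse import urlunsplit

# Assumed deployment configuration (constructed sample values).
ALLOWED_HOSTS = {"cms.example.org", "www.example.org"}
CANONICAL_HOST = "cms.example.org"

# Host header grammar accepted here: hostname, optional :port.
# IPv6 literals are deliberately left out to keep the example short.
_HOST_RE = re.compile(r"(?P<host>[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)(?::(?P<port>\d{1,5}))?")


def build_link_vulnerable(headers: dict, path: str, scheme: str = "https") -> str:
    """Trusts the Host header verbatim, so whoever controls the header controls every link."""
    host = headers.get("Host", "")
    return urlunsplit((scheme, host, path, "", ""))


def validate_host(raw: str, allowed=ALLOWED_HOSTS) -> Optional[str]:
    """Return the canonical host (lower-case, port kept) if it is allowlisted, else None.

    fullmatch rejects anything that is not a plain host[:port], including
    CRLF sequences or path fragments smuggled into the header.
    """
    m = _HOST_RE.fullmatch(raw.strip().lower())
    if not m:
        return None
    host, port = m.group("host"), m.group("port")
    if host not in allowed:
        return None
    if port is not None and not 0 < int(port) <= 65535:
        return None
    return host if port is None else f"{host}:{port}"


def build_link_hardened(headers: dict, path: str, scheme: str = "https",
                        canonical: str = CANONICAL_HOST) -> str:
    """Uses the Host header only when allowlisted; otherwise falls back to the configured host."""
    host = validate_host(headers.get("Host", "")) or canonical
    return urlunsplit((scheme, host, path, "", ""))
```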