{
  "id": "CVE-2020-22171",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-06-22T15:15:16.220",
  "lastModified": "2021-06-24T13:41:13.233",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \\hms\\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information."
    },
    {
      "lang": "es",
      "value": "PHPGurukul Hospital Management System en PHP versi\u00f3n v4.0, presenta una vulnerabilidad de inyecci\u00f3n SQL en el archivo \\hms\\registration.php. Los usuarios no autentificados remoto  pueden explotar la vulnerabilidad para obtener informaci\u00f3n confidencial de la base de datos"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05FF7CFC-733D-443A-8114-7D274283B088"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/itodaro/PHPGurukul_Hospital_Management_System4.0_cve",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}