PT-2023-16841 · Sourcecodester · Health Center Patient Record Management System

Wangte

Publicado

2023-03-07

Atualizado

2024-05-17

CVE-2023-1253

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Health Center Patient Record Management System version 1.0

Description A critical issue was found in the login.php file, where the manipulation of the username argument leads to sql injection. This issue can be exploited remotely.

Recommendations For version 1.0, consider disabling the login functionality until a patch is available to prevent sql injection attacks through the username argument. Restrict access to the login.php file to minimize the risk of exploitation. Avoid using the username argument in the affected login endpoint until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-1253

Produtos afetados

Health Center Patient Record Management System

PT-2023-16841 · Sourcecodester · Health Center Patient Record Management System

CVE-2023-1253

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7