PT-2023-29232 · Sourcecodester · Sourcecodester Free Hospital Management System

Cookedmelon

Publicado

2023-08-20

Atualizado

2024-05-17

CVE-2023-4440

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Free Hospital Management System for Small Practices version 1.0

Description A critical issue has been found in the system, affecting the file appointment.php. The manipulation of the sheduledate argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For version 1.0, consider disabling the sheduledate argument in the appointment.php file until a patch is available. Restrict access to the appointment.php file to minimize the risk of exploitation. Avoid using the sheduledate argument in the affected endpoint until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-4440

Produtos afetados

Sourcecodester Free Hospital Management System

PT-2023-29232 · Sourcecodester · Sourcecodester Free Hospital Management System

CVE-2023-4440

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7