Openhis · Openhis · CVE-2024-46532
**Name of the Vulnerable Software and Affected Versions**
OpenHIS version 1.0
**Description**
A SQL injection vulnerability in the refund function of the PayController.class.php component allows an attacker to execute arbitrary code. Users are urged to update to the latest release to mitigate risks.
**Recommendations**
For OpenHIS version 1.0, update to the latest release immediately to mitigate risks.
As a temporary workaround, consider disabling the refund function in the PayController.class.php component until a patch is available.