Onyxglitch

**Name of the Vulnerable Software and Affected Versions** medkey-org medkey versions up to fc09b7ba9441ff590b72d428d5380834216b09ed **Description** An issue in the HTTP REST API component allows remote attackers to manipulate the `ID` argument within the `actionGetPatientById()` function of the `appmodulesmedicalportrestcontrollersPatientController.php` file. This leads to improper control of resource identifiers, also known as resource injection, where an application does not sufficiently validate the identifiers used to access resources. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.