PT-2022-12438 · Projectworlds · Projectworlds Hospital Management System

Xunyang1

Published

2022-03-16

Updated

2022-07-12

CVE-2021-45852

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Projectworlds Hospital Management System version 1.0

Description An issue was discovered that allows unauthorized malicious attackers to add patients without restriction. This is achieved via the add patient.php endpoint.

Recommendations For Projectworlds Hospital Management System version 1.0, consider restricting access to the add patient.php endpoint until a patch is available. As a temporary workaround, limit the functionality of this endpoint to authorized users only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-670

Related Identifiers

CVE-2021-45852

Affected Products

Projectworlds Hospital Management System

PT-2022-12438 · Projectworlds · Projectworlds Hospital Management System

CVE-2021-45852

Weakness Enumeration

Related Identifiers

Affected Products

References · 4