PT-2022-15341 · Unknown · Sourcecodester Hospital'S Patient Records Management System
Vlakhani28
·
Published
2022-01-24
·
Updated
2022-01-28
·
CVE-2022-22296
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Sourcecodester Hospital's Patient Records Management System version 1.0
Description
The system is affected by an issue related to insecure permissions. This issue can be exploited via the
id parameter in the "manage user" endpoint. By changing the value of this parameter, an attacker can display data of other users.Recommendations
For Sourcecodester Hospital's Patient Records Management System version 1.0, consider restricting access to the "manage user" endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the
id parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Hospital'S Patient Records Management System