PT-2022-15712 · Unknown · Hospital's Patient Records Management System

Published: 2022-02-14 · Updated: 2022-03-30 · CVE-2022-22854

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Hospital Patient Record Management System version 1.0

Description

An access control flaw in the hprms/admin/?page=user/list endpoint of the Hospital Patient Record Management System allows attackers to escalate privileges by accessing and editing the user list.

Recommendations

For Hospital Patient Record Management System version 1.0, consider restricting access to the hprms/admin/?page=user/list endpoint until a patch is available. As a temporary workaround, limit the ability to edit the user list to authorized personnel only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2022-22854

Affected Products

Hospital's Patient Records Management System