CVE-2022-25491

Name of the Vulnerable Software and Affected Versions HMS version 1.0

Description A SQL injection issue was discovered in HMS via the editid parameter in the appointment.php file. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For HMS version 1.0, consider restricting access to the appointment.php file or the editid parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the editid parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.