CVE-2022-32350

Name of the Vulnerable Software and Affected Versions Hospital's Patient Records Management System version 1.0

Description The issue concerns a SQL Injection vulnerability via the /hprms/classes/Master.php?f=delete room type API endpoint. This allows for potential unauthorized access and manipulation of patient records. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For Hospital's Patient Records Management System version 1.0, consider disabling access to the /hprms/classes/Master.php?f=delete room type endpoint until a patch is available to prevent potential SQL Injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.