PT-2022-23538 · Unknown · Hospital Information System
Saitamang
·
Published
2022-09-14
·
Updated
2022-09-16
·
CVE-2022-36669
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hospital Information System version 1.0
Description
The issue is a remote SQL injection vulnerability that allows for authentication bypass.
Recommendations
For Hospital Information System version 1.0, consider disabling remote access to the SQL database as a temporary workaround until a patch is available. Restrict access to sensitive data and authentication mechanisms to minimize the risk of exploitation.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hospital Information System