PT-2022-24979 · Unknown · Tsruban Hhims
Ace · Published 2022-11-11 · Updated 2022-11-16 · CVE-2022-3956
CVSS v3.1: 9.8 Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
tsruban HHIMS version 2.1
Description
A critical issue has been found in the Patient Portrait Handler component. The manipulation of the PID argument leads to SQL injection. This issue can be exploited remotely.
Recommendations
For tsruban HHIMS version 2.1, apply a patch to fix this issue. As a temporary workaround, consider restricting the manipulation of the PID argument to minimize the risk of exploitation.
Exploit
Fix
Improper Neutralization
SQL injection
Related Identifiers
Affected Products
Tsruban Hhims