PT-2023-23364 · Unknown · Phpgurukul Hospital Management System
Captain-Noob
·
Published
2023-05-11
·
Updated
2023-11-14
·
CVE-2023-31498
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PHP Gurukul Hospital Management System version 4.0
Description
A privilege escalation issue allows a remote attacker to execute arbitrary code and access sensitive information via the
session token parameter.Recommendations
For PHP Gurukul Hospital Management System version 4.0, consider restricting access to the
session token parameter until a patch is available. As a temporary workaround, disabling the use of session tokens may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Session Fixation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpgurukul Hospital Management System