PT-2024-16569 · Microsoft · Sql Server 2019

Moonose · Published 2024-11-04 · Updated 2024-11-09 · CVE-2024-10810

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: code-projects E-Health Care System version 1.0; SQL Server 2019 (affected versions not specified)
Description: A critical vulnerability was found in the code-projects E-Health Care System, affecting an unknown function of the file Doctor/app_request.php. Manipulation of the app_id argument leads to SQL injection. The attack can be launched remotely. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents in which this issue was exploited.
Recommendations: For code-projects E-Health Care System version 1.0, consider disabling the affected function of the file Doctor/app_request.php until a patch is available. For SQL Server 2019, update to the latest version to mitigate risks. As a temporary workaround, restrict access to the app_id argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version of code-projects E-Health Care System that contains a fix for this vulnerability.

Exploit

Fix

Improper Neutralization

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-10810

Affected Products: Sql Server 2019