PT-2024-16679 · Unknown · Code-Projects E-Health Care System
Qqqbalabala · Published 2024-11-07 · Updated 2024-11-13 · CVE-2024-10987
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
code-projects E-Health Care System version 1.0
Description
A critical issue was found in the code-projects E-Health Care System, affecting an unknown functionality of the file /Doctor/user appointment.php. The manipulation of the arguments schedule id, schedule date, schedule day, start time, end time, and booking leads to SQL injection. The attack can be launched remotely.
Recommendations
For code-projects E-Health Care System version 1.0, patch immediately and validate and sanitize input on the backend to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the vulnerable file /Doctor/user appointment.php until a patch is available.
Exploit
Fix
Special Elements Injection
SQL injection
Affected Products
Code-Projects E-Health Care System