PT-2024-16737 · Sourcecodester · Sourcecodester Hospital Management System

Salah Tayeh · Published 2024-11-11 · Updated 2024-11-18 · CVE-2024-11073

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SourceCodester Hospital Management System version 1.0

Description: A vulnerability has been found in the SourceCodester Hospital Management System, affecting an unknown part of the file /vm/patient/delete-account.php. The manipulation of the id argument leads to improper authorization, allowing for remote attacks. This issue can lead to unauthorized deletion of patient accounts.

Recommendations: Update to the latest version of the SourceCodester Hospital Management System to mitigate risks. As a temporary workaround, consider restricting access to the /vm/patient/delete-account.php endpoint until a patch is available. Review access controls to prevent unauthorized actions.
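The bug class the description names is an account-deletion handler that lets the caller choose the account via the id argument. The following PHP is an added illustration written for this advisory, not code from SourceCodester Hospital Management System: the weak pattern beside a hardened one that takes the account id from the authenticated session instead. The table name (patients), the column (id) and the session key (patient_id) are assumptions.

```php
<?php
// Constructed illustration of the IDOR pattern behind CVE-2024-11073.
// NOT the SourceCodester code; schema and session key are assumptions.

// --- Weak pattern: the caller names the account to delete ------------------
// Nothing ties the requested id to the logged-in user, so any authenticated
// patient can delete any other patient's account. A prepared statement
// prevents SQL injection but does nothing for authorization.
function delete_account_weak(PDO $pdo): void
{
    $id = $_GET['id'] ?? '';
    $stmt = $pdo->prepare('DELETE FROM patients WHERE id = ?');
    $stmt->execute([$id]);
}

// --- Hardened pattern: the server derives the object from the session ------
// The id comes from the session, never from the request, so the only
// account a user can delete is their own. A request that names a different
// account is rejected and logged rather than silently ignored.
function delete_account_hardened(PDO $pdo): bool
{
    if (empty($_SESSION['patient_id'])) {
        http_response_code(401);          // not authenticated
        return false;
    }
    $ownId = (int) $_SESSION['patient_id'];

    if (isset($_GET['id']) && (int) $_GET['id'] !== $ownId) {
        http_response_code(403);          // attempt to act on another account
        error_log("delete-account: user $ownId requested id {$_GET['id']}");
        return false;
    }

    $stmt = $pdo->prepare('DELETE FROM patients WHERE id = ?');
    $stmt->execute([$ownId]);
    session_destroy();                    // the deleted account's session is now invalid
    return $stmt->rowCount() === 1;
}

// Usage (assumed DSN and credentials):
// session_start();
// $pdo = new PDO('mysql:host=localhost;dbname=hms', 'app', 'secret',
//                [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// delete_account_hardened($pdo);
```

The 403 branch is what makes exploitation attempts visible: a spike of such log lines against delete-account.php is a usable detection signal while the workaround of restricting the endpoint is in place.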

Exploit

Fix

Improper Authorization

Incorrect Privilege Assignment

IDOR


Weakness Enumeration

Related Identifiers

CVE-2024-11073

Affected Products

Sourcecodester Hospital Management System