PT-2025-47367 · Kishan0725 · Hospital Management System

Published: 2025-11-18 · Updated: 2025-11-19 · CVE-2025-63513

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

kishan0725 Hospital Management System version 4

Description

The software contains an Insecure Direct Object Reference (IDOR) issue within the appointment cancellation functionality. This allows potential unauthorized access and manipulation of data. The issue involves direct access to objects without proper authorization checks.

Recommendations

Implement robust authorization checks within the appointment cancellation functionality to ensure users can only cancel their own appointments.
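
An added illustration of the recommended check (not code from the affected project): a cancellation routine that takes the owner from the server-side session and enforces it in the same statement that changes the row, next to the unchecked pattern the description refers to. The language, the schema and all table, column and function names are assumptions made for this example.

```python
import sqlite3

# Constructed schema and rows: table, column and function names are
# hypothetical, not taken from the Hospital Management System source.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE appointments ("
               "id INTEGER PRIMARY KEY, patient_id INTEGER NOT NULL, "
               "status TEXT NOT NULL DEFAULT 'active')")
    db.executemany("INSERT INTO appointments (id, patient_id) VALUES (?, ?)",
                   [(1, 100), (2, 200)])
    return db

def cancel_unchecked(db, appointment_id):
    """IDOR pattern: the request-supplied id is the only selector."""
    cur = db.execute(
        "UPDATE appointments SET status = 'cancelled' WHERE id = ?",
        (appointment_id,))
    return cur.rowcount == 1

def cancel_owned(db, session_patient_id, appointment_id):
    """Ownership enforced in the same statement that changes the row.

    session_patient_id must come from the authenticated server-side
    session, never from a request parameter.
    """
    cur = db.execute(
        "UPDATE appointments SET status = 'cancelled' "
        "WHERE id = ? AND patient_id = ? AND status = 'active'",
        (appointment_id, session_patient_id))
    # rowcount 0 covers "not yours", "does not exist" and "already
    # cancelled" alike; answer all three identically so the response
    # does not confirm which ids exist.
    return cur.rowcount == 1

def status(db, appointment_id):
    row = db.execute("SELECT status FROM appointments WHERE id = ?",
                     (appointment_id,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print(cancel_owned(db, 100, 2), status(db, 2))  # another patient's row
    print(cancel_owned(db, 100, 1), status(db, 1))  # the caller's own row
```

Putting the owner predicate in the UPDATE itself avoids a separate look-up-then-modify step, so there is no window between the check and the change.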

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2025-63513

Affected Products: Hospital Management System