| عنوان | code-projects Hospital Management System 1.0 Session Fixiation |
|---|
| الوصف | The Hospital Management System uses express-session for session management with a hardcoded and weak secret string ('secret'). The secret is used to sign session cookies, ensuring the integrity of session data. A weak or hardcoded secret allows attackers to forge session cookies, potentially bypassing authentication and impersonating other users. This vulnerability can lead to unauthorized access to sensitive patient records and administrative functions. |
|---|
| المصدر | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hospital%20Management%20System.md |
|---|
| المستخدم | lakshay12311 (UID 91298) |
|---|
| ارسال | 10/10/2025 08:47 AM (8 أشهر منذ) |
|---|
| الاعتدال | 10/10/2025 03:59 PM (7 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 327932 [code-projects Hospital Management System 1.0 express-session secret تشفير ضعيف] |
|---|
| النقاط | 20 |
|---|