Hospital Management Center patient-info.php pt_id sql injection

Una vulnerabilidad ha sido encontrada en Hospital Management Center y clasificada como crítica. Una función desconocida del archivo patient-info.php es afectada por esta vulnerabilidad. A través de la manipulación del parámetro pt_id de un input desconocido se causa una vulnerabilidad de clase sql injection. El advisory puede ser descargado de github.com. La vulnerabilidad es identificada como CVE-2022-4012. El ataque puede ser realizado a través de la red. Los detalles técnicos son conocidos. Fue declarado como proof-of-concept. El exploit puede ser descargado de github.com. Una solución posible ha sido publicada incluso antes y no después de la publicación de la vulnerabilidad.

Campo2022-11-16 08:492022-12-19 09:492022-12-19 09:52
nameHospital Management CenterHospital Management CenterHospital Management Center
filepatient-info.phppatient-info.phppatient-info.php
argumentpt_idpt_idpt_id
cwe89 (sql injection)89 (sql injection)89 (sql injection)
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
urlhttps://github.com/golamsarwar08/hms/issues/1https://github.com/golamsarwar08/hms/issues/1https://github.com/golamsarwar08/hms/issues/1
availability111
publicity111
urlhttps://github.com/golamsarwar08/hms/issues/1https://github.com/golamsarwar08/hms/issues/1https://github.com/golamsarwar08/hms/issues/1
cveCVE-2022-4012CVE-2022-4012CVE-2022-4012
responsibleVulDBVulDBVulDB
date1668553200 (2022-11-16)1668553200 (2022-11-16)1668553200 (2022-11-16)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss2_vuldb_auSSS
cvss2_vuldb_rlNDNDND
cvss3_vuldb_prLLL
cvss3_vuldb_rlXXX
cvss2_vuldb_basescore6.56.56.5
cvss2_vuldb_tempscore5.65.65.6
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore5.75.75.7
cvss3_meta_basescore6.36.37.5
cvss3_meta_tempscore5.75.77.3
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1668553200 (2022-11-16)1668553200 (2022-11-16)
cve_nvd_summaryA vulnerability classified as critical has been found in Hospital Management Center. Affected is an unknown function of the file patient-info.php. The manipulation of the argument pt_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213786 is the identifier assigned to this vulnerability.A vulnerability classified as critical has been found in Hospital Management Center. Affected is an unknown function of the file patient-info.php. The manipulation of the argument pt_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213786 is the identifier assigned to this vulnerability.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss3_nvd_basescore9.8
cvss3_cna_basescore6.3

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!