| Title | sfturing hosporder v1.0 SQL Injection |
|---|
| Description | There is an sql injection vulnerability in the function point for querying hospital data at the front desk. Attackers can execute sql statements through the function point without authorization. |
|---|
| Source | ⚠️ https://github.com/sfturing/hosp_order/issues/110 |
|---|
| User | bi8bu (UID 84151) |
|---|
| Submission | 06/20/2025 06:52 (12 months ago) |
|---|
| Moderation | 06/27/2025 08:02 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 314082 [sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8 HospitalServiceImpl.java findAllHosByCondition hospitalName sql injection] |
|---|
| Points | 16 |
|---|