| Title | code-projects Hospital Management System 1.0 Session Fixiation |
|---|
| Description | The Hospital Management System uses express-session for session management with a hardcoded and weak secret string ('secret'). The secret is used to sign session cookies, ensuring the integrity of session data. A weak or hardcoded secret allows attackers to forge session cookies, potentially bypassing authentication and impersonating other users. This vulnerability can lead to unauthorized access to sensitive patient records and administrative functions. |
|---|
| Source | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hospital%20Management%20System.md |
|---|
| User | lakshay12311 (UID 91298) |
|---|
| Submission | 10/10/2025 08:47 (8 months ago) |
|---|
| Moderation | 10/10/2025 15:59 (7 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 327932 [code-projects Hospital Management System 1.0 express-session secret hard-coded key] |
|---|
| Points | 20 |
|---|