Hospital Management Center appointment.php 跨网站请求伪造

条目历史差异jsonxmlCTI

在Hospital Management Center中曾发现分类为棘手的漏洞。受此漏洞影响的是未知功能文件：appointment.php。手动调试的不合法输入可导致跨网站请求伪造。漏洞的CWE定义是 CWE-352。此漏洞的脆弱性 2022-11-16所披露。阅读公告的网址是github.com。该漏洞被称作为CVE-2022-4013，攻击可能远程发起，有技术细节可用。此外还有一个漏洞可利用。该漏洞利用已公开，可能会被利用。当前漏洞利用的价值为美元大约是$0-$5k 。它被宣布为proof-of-concept。可以在github.com下载该漏洞利用。我们估计的零日攻击价值约为$0-$5k。该漏洞被披露后，此前未曾发表过可能的缓解措施。

字段	2022-11-16 08時53分	2022-12-19 09時56分	2022-12-19 10時00分
name	Hospital Management Center	Hospital Management Center	Hospital Management Center
file	appointment.php	appointment.php	appointment.php
cwe	352 (跨网站请求伪造)	352 (跨网站请求伪造)	352 (跨网站请求伪造)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
url	https://github.com/golamsarwar08/hms/issues/2	https://github.com/golamsarwar08/hms/issues/2	https://github.com/golamsarwar08/hms/issues/2
availability	1	1	1
publicity	1	1	1
url	https://github.com/golamsarwar08/hms/issues/2	https://github.com/golamsarwar08/hms/issues/2	https://github.com/golamsarwar08/hms/issues/2
cve	CVE-2022-4013	CVE-2022-4013	CVE-2022-4013
responsible	VulDB	VulDB	VulDB
date	1668553200 (2022-11-16)	1668553200 (2022-11-16)	1668553200 (2022-11-16)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.3	4.3	4.3
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	3.9	3.9	3.9
cvss3_meta_basescore	4.3	4.3	5.8
cvss3_meta_tempscore	3.9	3.9	5.7
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1668553200 (2022-11-16)	1668553200 (2022-11-16)
cve_nvd_summary		A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787.	A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			N
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss3_nvd_basescore			8.8
cvss3_cna_basescore			4.3

◂ 上一步一览下一步 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!