Blind SQL Injection Vulnerability in Hospital Management System by Nguyen-Trung-Kien
CVE-2022-24226

7.5HIGH

Key Information:

Vendor: PHPgurukul
Status: Hospital Management System
Vendor: CVE Published:; 15 February 2022

What is CVE-2022-24226?

A blind SQL injection vulnerability has been identified in version 4.0 of the Hospital Management System. This vulnerability occurs via the register function in func2.php, which allows attackers to manipulate SQL queries without user feedback. Successful exploitation may lead to unauthorized access to sensitive data, making it imperative for users to apply security patches and best practices to safeguard their systems.

References

https://github.com/Nguyen-Trung-Kien/CVE

x_refsource_MISC

https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-20...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2022
Vulnerability Reserved
Jan 31, 2022

PHPgurukul

What is CVE-2022-24226?

References

CVSS V3.1

Timeline