SQL Injection Vulnerability in Clinic's Patient Management System by Oretnom23
CVE-2022-36609

9.8CRITICAL

Key Information:

Vendor: Clinic\'s Patient Management System Project
Status: Clinic\'s Patient Management System
Vendor: CVE Published:; 2 September 2022

🔔 Create Clinic\'s Patient Management System Project Vulnerability Alert

What is CVE-2022-36609?

The Clinic's Patient Management System version 1.0 has been found to harbor a SQL injection vulnerability that allows unauthorized manipulation of the database via the 'id' parameter in the update_patient.php endpoint. This flaw could potentially enable attackers to execute arbitrary SQL statements, leading to unauthorized data access or alteration. Security measures should be implemented to mitigate the risks associated with this vulnerability to protect sensitive patient data.

References

https://github.com/Lendme1996/bug_report/blob/main/vendor...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 2, 2022
Vulnerability Reserved
Jul 25, 2022

JSON