SQL Injection Vulnerability in Clinic's Patient Management System by Oretnom23
CVE-2022-36750

9.8CRITICAL

Key Information:

Vendor: Clinic\'s Patient Management System Project
Status: Clinic\'s Patient Management System
Vendor: CVE Published:; 10 August 2022

🔔 Create Clinic\'s Patient Management System Project Vulnerability Alert

What is CVE-2022-36750?

The Clinic's Patient Management System version 1.0 is susceptible to SQL injection through the endpoint /pms/update_user.php?id=. This vulnerability allows an attacker to manipulate SQL queries by injecting malicious code via the 'id' parameter, potentially exposing sensitive user information and compromising the integrity of the database. It is crucial for users of this system to apply security patches and revise their input validation processes.

References

https://github.com/FF9118/bug_report/blob/main/vendors/or...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 10, 2022
Vulnerability Reserved
Jul 25, 2022

JSON