Kashipara Hospital Management System Parameter login.php sql injection
CVE-2024-0267
Key Information:
- Vendor
Kashipara
- Vendor
- CVE Published:
- 7 January 2024
Badges
What is CVE-2024-0267?
A vulnerability has been identified in the Kashipara Hospital Management System, specifically within the login.php component where user credentials (email/password) are improperly processed. This flaw allows for SQL injection, enabling potential attackers to manipulate database queries remotely. The exploitation of this vulnerability could lead to unauthorized access to sensitive information within the system. The issue has been publicly disclosed and poses significant security risks to any installations running affected versions prior to 1.0. Proper mitigation strategies, such as input validation and parameterized queries, are essential to protect against such exploits.
Affected Version(s)
Hospital Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
CVSS V3.0
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved