SQL Injection Vulnerability in Code-Projects E-Health Care System
CVE-2024-10739

9.8CRITICAL

Key Information:

Vendor
Code-projects
Status
E-health Care System
Vendor
CVE Published:
3 November 2024

Badges

👾 Exploit Exists

Summary

A vulnerability has been identified in version 1.0 of the E-Health Care System developed by Code-Projects, specifically related to the adminlogin.php functionality. This issue arises from improper handling of user-supplied data in the email and admin_pswd parameters, which allows for SQL injection attacks. Attackers can remotely exploit this vulnerability to manipulate database queries, potentially gaining unauthorized access to sensitive information or executing arbitrary commands. Both parameters need to be treated with caution as the vulnerability may be exploited through crafted input. Organizations using this software should prioritize patching and employ security best practices to mitigate risks associated with this vulnerability.

Affected Version(s)

E-Health Care System 1.0

References

https://vuldb.com/?id.282908
vdb-entrytechnical-description
https://vuldb.com/?ctiid.282908
signaturepermissions-required
https://vuldb.com/?submit.436014
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

李腾
谢亚轩
UnrealDawn (VulDB User)
UnrealDawn (VulDB User)
.
CVE-2024-10739 : SQL Injection Vulnerability in Code-Projects E-Health Care System | SecurityVulnerability.io