Improper Authorization in SourceCodester Hospital Management System 1.0
CVE-2024-11073

8.1 HIGH

Key Information:

Vendor: Mayurik
CVE Published: 11 November 2024

What is CVE-2024-11073?

A vulnerability has been identified in SourceCodester's Hospital Management System 1.0, in the /vm/patient/delete-account.php script. The script does not properly authorize requests, so an attacker can manipulate the 'id' argument, potentially leading to unauthorized account deletions. The attack can be initiated remotely, posing significant risks to the integrity of patient data. Details of the vulnerability have been made public, raising concerns for users of the affected system.

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
