SQL Injection Vulnerability in CodeZips Hospital Management System
CVE-2024-12976

9.8CRITICAL

Key Information:

Vendor: CodeZips
Status: Hospital Management System
Vendor: CVE Published:; 27 December 2024

What is CVE-2024-12976?

A vulnerability has been identified in the CodeZips Hospital Management System version 1.0, specifically in the functionality linked to the file named staff.php. This issue arises from insufficient validation of user input in the tel argument, which can be exploited to conduct SQL injection attacks. Attackers may target this vulnerability remotely, potentially affecting other parameters as well. The public disclosure of this exploit heightens the risk, urging affected organizations to take immediate action to mitigate the security threat.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/nexus-wkx/CVE/blob/main/SQL_Injection_...

https://vuldb.com/?ctiid.289352

https://vuldb.com/?id.289352

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 27, 2024

JSON

CodeZips

What is CVE-2024-12976?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.