SQL Injection Vulnerability in CodeZips Hospital Management System
CVE-2024-12976

9.8CRITICAL

Key Information:

Vendor: CodeZips
Status: Hospital Management System
Vendor: CVE Published:; 27 December 2024

What is CVE-2024-12976?

A vulnerability has been identified in the CodeZips Hospital Management System version 1.0, specifically in the functionality linked to the file named staff.php. This issue arises from insufficient validation of user input in the tel argument, which can be exploited to conduct SQL injection attacks. Attackers may target this vulnerability remotely, potentially affecting other parameters as well. The public disclosure of this exploit heightens the risk, urging affected organizations to take immediate action to mitigate the security threat.

References

https://github.com/nexus-wkx/CVE/blob/main/SQL_Injection_...

https://vuldb.com/?ctiid.289352

https://vuldb.com/?id.289352

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 27, 2024