SQL Injection Vulnerability Discovered in Health Care Hospital Management System
CVE-2024-37802

8.8HIGH

Key Information:

Vendor: CodeProjects
Status: Health Care Hospital Management System
Vendor: CVE Published:; 18 June 2024

🔔 Create CodeProjects Vulnerability Alert

What is CVE-2024-37802?

A SQL injection vulnerability has been identified in the Patient Info module of CodeProjects Health Care Hospital Management System version 1.0. This vulnerability arises from improper handling of user input through the 'searvalu' parameter, allowing attackers to manipulate SQL queries. Exploiting this weakness can result in unauthorized access to sensitive patient information, potentially leading to data breaches and major security concerns within healthcare environments. Organizations using this system must prioritize assessments and remediation efforts to safeguard against this vulnerability.

References

https://code-projects.org/health-care-hospital-in-php-css...

https://github.com/SandeepRajauriya/CVEs/blob/main/CVE-20...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2024
Vulnerability Reserved
Jun 10, 2024