SQL Injection Vulnerability Discovered in Health Care Hospital Management System
CVE-2024-38347

8.8HIGH

Key Information:

Vendor: CodeProjects
Status: Health Care Hospital Management System
Vendor: CVE Published:; 18 June 2024

🔔 Create CodeProjects Vulnerability Alert

What is CVE-2024-38347?

The Health Care Hospital Management System developed by CodeProjects is susceptible to a SQL injection vulnerability, specifically located within the Room Information module. This vulnerability occurs through the manipulation of the 'id' parameter, allowing attackers to execute arbitrary SQL commands. Exploiting this flaw may lead to unauthorized access to sensitive data or manipulation of the database. It is critical for users of this application to apply necessary security measures and updates to mitigate potential exploitation risks.

References

https://code-projects.org/health-care-hospital-in-php-css...

https://github.com/SandeepRajauriya/CVEs/blob/main/CVE-20...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2024
Vulnerability Reserved
Jun 14, 2024