SQL Injection Vulnerability in SourceCodester Clinics Patient Management System
CVE-2024-7930
8.8 HIGH
Summary
A serious vulnerability has been identified in SourceCodester Clinics Patient Management System version 1.0, in the file /pms/ajax/get_packings.php. The flaw arises from improper handling of the medicine_id parameter, which allows SQL injection. The issue can be exploited remotely and can lead to unauthorized access to the database, resulting in potential data breaches, data manipulation, or denial of service. Because the vulnerability has been publicly disclosed, it poses a significant risk to systems running the affected version. Immediate remediation is advised to safeguard sensitive patient information.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published