exploitDog

CVE-2018-1000650

Опубликовано: 20 авг. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters.

Ссылки

https://0dd.zone/2018/08/08/lh-ehr-Authenticated-SQL-Injection/
Exploit
Third Party Advisory
https://github.com/LibreHealthIO/lh-ehr/issues/1215
Exploit
Third Party Advisory
https://0dd.zone/2018/08/08/lh-ehr-Authenticated-SQL-Injection/
Exploit
Third Party Advisory
https://github.com/LibreHealthIO/lh-ehr/issues/1215
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:librehealth:librehealth_ehr:2.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00244

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-4ggq-ghmc-h6h3

CVSS3: 8.8

github

больше 3 лет назад

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters.

EPSS

Процентиль: 47%

0.00244

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89