exploitDog

CVE-2022-22296

Опубликовано: 24 янв. 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users can be displayed.

Ссылки

https://github.com/vlakhani28/CVE-2022-22296/blob/main/README.md
Product
Third Party Advisory
https://github.com/vlakhani28/CVE-2022-22296/blob/main/README.md
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hospital\'s_patient_records_management_system_project:hospital\'s_patient_records_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00131

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-276

Связанные уязвимости

GHSA-pg55-hv8r-frmh

github

около 4 лет назад

Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users can be displayed.

EPSS

Процентиль: 33%

0.00131

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-276