CVE-2022-29938

Опубликовано: 05 мая 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.

Ссылки

https://github.com/LibreHealthIO/lh-ehr/tags
Third Party Advisory
https://gitlab.com/librehealth/ehr/lh-ehr/-/tags
Third Party Advisory
https://nitroteam.kz/index.php?action=researches&slug=librehealth_r
Exploit
Third Party Advisory
https://github.com/LibreHealthIO/lh-ehr/tags
Third Party Advisory
https://gitlab.com/librehealth/ehr/lh-ehr/-/tags
Third Party Advisory
https://nitroteam.kz/index.php?action=researches&slug=librehealth_r
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:librehealth:librehealth_ehr:2.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00314

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-c246-grxw-5q23