Описание
A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Ссылки
- ExploitThird Party Advisory
- https://github.com/Shaon-Xis/PHPGurukul-HMS-SQLi-PoC/tree/main#4-proof-of-concept-reproduction-stepsExploitThird Party Advisory
- Product
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00308
Низкий
4.7 Medium
CVSS3
7.2 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-74
Связанные уязвимости
CVSS3: 4.7
github
5 месяцев назад
A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
EPSS
Процентиль: 22%
0.00308
Низкий
4.7 Medium
CVSS3
7.2 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-74