PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.
References
Link | Resource |
---|---|
https://medium.com/%40ashketchum/privilege-escalation-unauthenticated-access-to-admin-portal-cve-2020-35745-bb5d5dca97a0 | Exploit Third Party Advisory |
https://www.phpgurukul.com/hospital-management-system-in-php/ | Product Third Party Advisory |
https://www.youtube.com/watch?v=vnSsg6iwV9Y&feature=youtu.be&ab_channel=ashketchum | Exploit Third Party Advisory |
Configurations
History
01 Feb 2024, 02:22
Type | Values Removed | Values Added |
---|---|---|
References | () https://medium.com/%40ashketchum/privilege-escalation-unauthenticated-access-to-admin-portal-cve-2020-35745-bb5d5dca97a0 - Exploit, Third Party Advisory |
14 Nov 2023, 16:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:* | |
First Time |
Phpgurukul hospital Management System
|
07 Nov 2023, 03:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-01-07 21:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-35745
Mitre link : CVE-2020-35745
CVE.ORG link : CVE-2020-35745
JSON object : View
Products Affected
phpgurukul
- hospital_management_system
CWE
CWE-862
Missing Authorization