CVE-2024-8944

A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://code-projects.org/ Product
https://github.com/65241/cve/issues/1 Exploit Third Party Advisory
https://vuldb.com/?ctiid.277761 Patch Third Party Advisory VDB Entry
https://vuldb.com/?id.277761 Third Party Advisory VDB Entry
https://vuldb.com/?submit.408871 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:fabianros:hospital_management_system:1.0:*:*:*:*:*:*:*

History

23 Sep 2024, 16:56

Type Values Removed Values Added
First Time Fabianros
Fabianros hospital Management System
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 9.8
References () https://code-projects.org/ - () https://code-projects.org/ - Product
References () https://github.com/65241/cve/issues/1 - () https://github.com/65241/cve/issues/1 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.277761 - () https://vuldb.com/?ctiid.277761 - Patch, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.277761 - () https://vuldb.com/?id.277761 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.408871 - () https://vuldb.com/?submit.408871 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:fabianros:hospital_management_system:1.0:*:*:*:*:*:*:*

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en code-projects Hospital Management System 1.0. Afecta a una parte desconocida del archivo check_availability.php. La manipulación del argumento email provoca una inyección SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.

17 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-17 18:15

Updated : 2024-09-23 16:56


NVD link : CVE-2024-8944

Mitre link : CVE-2024-8944

CVE.ORG link : CVE-2024-8944


JSON object : View

Products Affected

fabianros

  • hospital_management_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')