CVE-2022-24263 Hospital Management System v4.0 had a SQL injection vulnerability in /func.php via the email parameter.

This allows attackers to inject arbitrary SQL queries that can be used to exploit other vulnerabilities in the application.

An attacker must force users to visit a maliciously crafted website in order to exploit this vulnerability.

CVE-2017-10700 - rsync - Remote code execution through the rsync server. The rsync server is used by the system to transfer data to and from the server. A SQL injection vulnerability exists in /Hospital-Management-System-master/func.php via the r parameter. A remote attacker can exploit this vulnerability to execute code on the system through the rsync server.

CVE-2017-10702 - cpanel - Remote code execution through the cpanel server. The cpanel server is used by the system to manage the server. A SQL injection vulnerability exists in /Hospital-Management-System-master/func.php via the cpwd parameter. A remote attacker can exploit this vulnerability to inject SQL code into the system.

CVE-2017-10703 - Database - SQL injection vulnerability in the Database. The Database is used to store data in the system. A SQL injection vulnerability exists in /Hospital-Management-System-master/func.php via the dbname parameter. A remote attacker can exploit this vulnerability to inject SQL code into the system.

CVE-2017-10704 - Email - SQL injection vulnerability in Email. The Email is used to send notifications to users. A SQL injection vulnerability in /Hospital-Management-System-
