CVE-2022-3120 A critical vulnerability was found in SourceCodester Clinics Patient Management System. The component Login is affected.

In a second critical vulnerability, the component Campaigns has been found to be affected by a denial of service issue. The component Campaigns allows users to create, edit, and delete campaigns. The creation of a campaign requires the user to specify a description. This description can be modified using the following code: $campaign_description = $_POST['description']; If the user has the 'administer campaign settings' permission, she can modify the $campaign_description variable. The code of the component Campaigns is as follows: if (isset($_POST['settings']) && $_POST['settings']['administer campaign settings'] == 1) { $campaign_description = $_POST['description']; }

CVE-2022-3119

In a third critical vulnerability, the component 'manage campaigns' has been found to be affected by an issue that is related to a denial of service. The component manage campaigns allows users to view and edit their campaigns. The code for this component is as follows: if (isset($_POST['settings']) && $_POST['settings']['administer campaign settings'] == 1) { $campaign_id = $_POST['campaign_id']; $campaign_name = $_POST['campaign_name']; }

Timeline

Published on: 09/05/2022 07:15:00 UTC
Last modified on: 09/08/2022 03:53:00 UTC

References

• https://vuldb.com/?id.207847
• https://github.com/joinia/webray.com.cn/blob/main/Clinic's-Patient-Management-System/cpms.md
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3120