github - ghsa-vx3p-8fv9-q322

ghsa-vx3p-8fv9-q322

Vulnerability from github

Published

2024-08-04 12:30

Modified

2024-08-04 12:30

Severity

6.3 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Details

A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is the function patient_name of the file patients.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273548.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-7454"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-04T09:15:37Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is the function patient_name of the file patients.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273548.",
  "id": "GHSA-vx3p-8fv9-q322",
  "modified": "2024-08-04T12:30:34Z",
  "published": "2024-08-04T12:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7454"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lche511/cve/blob/main/sql.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.273548"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.273548"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.385005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

cve-2024-7454

Vulnerability from cvelistv5

Published

2024-08-04 09:00

Modified

2024-08-07 18:24

Severity

5.3 (Medium) - cvssV4_0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

SourceCodester Clinics Patient Management System patients.php patient_name sql injection

References

URL	Tags
https://vuldb.com/?id.273548	vdb-entry, technical-description
https://vuldb.com/?ctiid.273548	signature, permissions-required
https://vuldb.com/?submit.385005	third-party-advisory
https://github.com/lche511/cve/blob/main/sql.md	exploit

Impacted products

Vendor	Product
SourceCodester	Clinics Patient Management System

Show details on NVD website