China National Vulnerability Database (cnvd): CNVD-2024-02734
Jan 12, 2024 - 12:00 a.m.

Hospital Management System SQL Injection Vulnerability

2024-01-12 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
hospital management system
sql injection
vulnerability
healthcare information
validation
crafted sql statement
contactus queries endpoint
back-end database
security issue

AI Score: 7.4 High (Confidence: Low)

EPSS: 0.0005 Low (Percentile: 19.2%)

A Hospital Management System (HMS) is a computerized system that manages healthcare-related information and helps healthcare providers do their jobs effectively. Hospital Management System V4.0 and prior versions are affected by a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this vulnerability by sending a crafted SQL statement to the Contactus Queries endpoint using an unread query field, which would allow the attacker to view, add, modify, or delete information in the back-end database.
