Lucene search

K
cve[email protected]CVE-2022-2676
HistoryAug 05, 2022 - 9:15 p.m.

CVE-2022-2676

2022-08-0521:15:08
CWE-89
web.nvd.nist.gov
41
7
cve-2022-2676
sourcecodester
electronic medical records system
vulnerability
sql injection
remote attack

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.0%

A vulnerability was found in SourceCodester Electronic Medical Records System and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument user_email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205664.

Affected configurations

NVD
Node
electronic_medical_records_system_projectelectronic_medical_records_systemMatch-

CNA Affected

[
  {
    "product": "Electronic Medical Records System",
    "vendor": "SourceCodester",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Social References

More

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.0%

Related for CVE-2022-2676