Lucene search

[email protected]CVE-2022-3956

HistoryNov 11, 2022 - 4:15 p.m.

CVE-2022-3956

2022-11-1116:15:16

CWE-89

CWE-707

[email protected]

web.nvd.nist.gov

vulnerability

critical

tsruban hhims

sql injection

remote code execution

patch

nvd

cve-2022-3956

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-213462 is the identifier assigned to this vulnerability.

Affected configurations

Vulners

NVD

Node

tsrubanhhimsMatch2.1

CPENameOperatorVersion
hhims_project:hhimshhims project hhimseq2.1

CPE	Name	Operator	Version
hhims_project:hhims	hhims project hhims	eq	2.1

CNA Affected

[
  {
    "vendor": "tsruban",
    "product": "HHIMS",
    "versions": [
      {
        "version": "2.1",
        "status": "affected"
      }
    ]
  }
]

References

github.com/tsruban/HHIMS/issues/1

vuldb.com/?id.213462

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for CVE-2022-3956

cvelist1 osv1 nvd1 prion1