Lucene search

[email protected]CVE-2022-48120

HistoryJan 20, 2023 - 7:15 p.m.

CVE-2022-48120

2023-01-2019:15:17

CWE-89

[email protected]

web.nvd.nist.gov

cve-2022-48120

sql injection

kishan0725 hospital management system

nvd

security vulnerability

search optimization

contact parameter

doctor parameter

/search.php

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.0%

JSON

SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php.

Affected configurations

NVD

Node

hospital_management_system_projecthospital_management_systemRange≤2021-03-13

CPENameOperatorVersion
hospital_management_system_project:hospital_management_systemhospital management system project hospital management systemle2021-03-13

CPE	Name	Operator	Version
hospital_management_system_project:hospital_management_system	hospital management system project hospital management system	le	2021-03-13

References

github.com/kishan0725/Hospital-Management-System/issues/32

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.0%

JSON

Related for CVE-2022-48120

cvelist1 prion1 nvd1