Lucene search

MitreCVE-2023-43909

HistorySep 29, 2023 - 1:15 p.m.

CVE-2023-43909

2023-09-2913:15:10

CWE-89

mitre

web.nvd.nist.gov

cve-2023-43909

hospital management system

sql injection

vulnerability

nvd

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

37.1%

JSON

Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.

Affected configurations

Nvd

Node

hospital_management_system_projecthospital_management_systemMatch-

VendorProductVersionCPE
hospital_management_system_projecthospital_management_system-cpe:2.3:a:hospital_management_system_project:hospital_management_system:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hospital_management_system_project	hospital_management_system	-	cpe:2.3:a:hospital_management_system_project:hospital_management_system:-:::::::*

References

www.notion.so/SQL-Injection-vulnerability-in-app_contact-parameter-on-appsearch-php-directory-2e3daa8975164ee18217c52c43ae1a22

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

37.1%

JSON

Related for CVE-2023-43909