CVE-2024-46532

SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component...

OpenHIS SQL Injection Vulnerability

OpenHIS is a web-based hospital management application from China Xinzhi OpenHIS. A SQL injection vulnerability exists in OpenHIS v.1.0, which stems from a lack of validation of externally-entered SQL statements in the refund function of the PayController.class.php component. An attacker can...

CVE-2024-46532

SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component...

OpenHIS 安全漏洞

OpenHIS is a web-based hospital management application from China Xinzhi OpenHIS. A SQL injection vulnerability exists in OpenHIS v.1.0, which stems from a lack of validation of externally-entered SQL statements in the refund function of the PayController.class.php component. An attacker can...

CVE-2024-46532

SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component...

CVE-2024-46532

OpenHIS v1.0 is affected by a SQL Injection in the refund function of PayController.class.php. The root cause is unsanitized/external SQL statements, enabling an attacker to potentially execute arbitrary SQL commands and access sensitive data. Public references across CVE records (NVD/Red Hat/CNV...

CVE-2024-46532

SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component...

PT-2024-32024 · Openhis · Openhis

Name of the Vulnerable Software and Affected Versions: OpenHIS version 1.0 Description: A SQL Injection issue allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. Users are urged to update to the latest release to mitigate risks...