CVE-2024-46532

SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component...

OpenHIS SQL Injection Vulnerability

OpenHIS is a web-based hospital management application from China Xinzhi OpenHIS. A SQL injection vulnerability exists in OpenHIS v.1.0, which stems from a lack of validation of externally-entered SQL statements in the refund function of the PayController.class.php component. An attacker can...

CVE-2024-46532

SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component...

OpenHIS 安全漏洞

OpenHIS is a web-based hospital management application from China Xinzhi OpenHIS. A SQL injection vulnerability exists in OpenHIS v.1.0, which stems from a lack of validation of externally-entered SQL statements in the refund function of the PayController.class.php component. An attacker can...

CVE-2024-46532

OpenHIS v1.0 is affected by a SQL Injection in the refund function of PayController.class.php. The root cause is unsanitized/external SQL statements, enabling an attacker to potentially execute arbitrary SQL commands and access sensitive data. Public references across CVE records (NVD/Red Hat/CNV...

CVE-2024-46532

SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component...