Lucene search

Fluid AttacksVULNRICHMENT:CVE-2023-5053

HistorySep 28, 2023 - 8:43 p.m.

CVE-2023-5053 SQL Injection in hospital-management-system-in-php 378c157 in index.php

2023-09-2820:43:41

CWE-89

Fluid Attacks

github.com

hospital management system

sql injection

authentication bypass

cve-2023-5053

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

total

JSON

Hospital management system version 378c157 allows to bypass authentication.

This is possible because the application is vulnerable to SQLI.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:projectworlds:hospital_management_system_in_php:2018-06-17:*:*:*:*:*:*:*"
    ],
    "vendor": "projectworlds",
    "product": "hospital_management_system_in_php",
    "versions": [
      {
        "status": "affected",
        "version": "2018-06-17"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

fluidattacks.com/advisories/shierro

github.com/projectworldsofficial/hospital-management-system-in-php/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-5053