A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "name" to be affected. But it must be assumed that the parameter "message" is affected as well.
History

Wed, 06 Nov 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Anisha
Anisha e-health Care System
CPEs cpe:2.3:a:anisha:e-health_care_system:1.0:*:*:*:*:*:*:*
Vendors & Products Anisha
Anisha e-health Care System

Tue, 05 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects e-health Care System
CPEs cpe:2.3:a:code-projects:e-health_care_system:1.0:*:*:*:*:*:*:*
Vendors & Products Code-projects
Code-projects e-health Care System
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 05 Nov 2024 01:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "name" to be affected. But it must be assumed that the parameter "message" is affected as well.
Title code-projects E-Health Care System chat.php sql injection
Weaknesses CWE-707
CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-11-05T01:31:04.769Z

Updated: 2024-11-05T16:04:56.831Z

Reserved: 2024-11-04T17:59:15.533Z

Link: CVE-2024-10809

cve-icon Vulnrichment

Updated: 2024-11-05T16:04:52.213Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-05T02:15:03.980

Modified: 2024-11-06T15:14:48.213

Link: CVE-2024-10809

cve-icon Redhat

No data.