More Web Proxy on the site http://driver.im/

SourceCodester Clinics Patient Management System 1.0 print_patients_visits.php from/to sql injection

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /print_patients_visits.php. The manipulation of the argument from/to leads to sql injection. Using CWE to declare the problem leads to CWE-89. The weakness was disclosed 07/21/2024. The advisory is available at github.com. This vulnerability was named CVE-2024-6968. The attack can be initiated remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1505 by the MITRE ATT&CK project. It is declared as proof-of-concept. It is possible to download the exploit at github.com. As 0-day the estimated underground price was around $0-$5k.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single items and item collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Prioritizing items becomes possible.

User

VulDB Mod Team	86

Field

cvss3_meta_tempscore	3
cvss3_meta_basescore	2
cvss3_nvd_basescore	1
cvss3_nvd_a	1
cvss3_nvd_i	1

Commit Conf

90%	29
99%	27
50%	14
70%	9
80%	7

Approve Conf

80%	30
90%	29
99%	27

86 Commits

ID	Commited	User	Field	Change	Remarks	Moderation	Response	C
17025833	07/26/2024	VulDB…	cvss3_meta_tempscore	6.5	see CVSS documentation	07/26/2024	accepted	80
17025832	07/26/2024	VulDB…	cvss3_meta_basescore	6.7	see CVSS documentation	07/26/2024	accepted	80
17025831	07/26/2024	VulDB…	cvss3_nvd_basescore	7.5	nist.gov	07/26/2024	accepted	99
17025830	07/26/2024	VulDB…	cvss3_nvd_a	N	nist.gov	07/26/2024	accepted	99
17025829	07/26/2024	VulDB…	cvss3_nvd_i	N	nist.gov	07/26/2024	accepted	99
17025828	07/26/2024	VulDB…	cvss3_nvd_c	H	nist.gov	07/26/2024	accepted	99
17025827	07/26/2024	VulDB…	cvss3_nvd_s	U	nist.gov	07/26/2024	accepted	99
17025826	07/26/2024	VulDB…	cvss3_nvd_ui	N	nist.gov	07/26/2024	accepted	99
17025825	07/26/2024	VulDB…	cvss3_nvd_pr	N	nist.gov	07/26/2024	accepted	99
17025824	07/26/2024	VulDB…	cvss3_nvd_ac	L	nist.gov	07/26/2024	accepted	99
17025823	07/26/2024	VulDB…	cvss3_nvd_av	N	nist.gov	07/26/2024	accepted	99
17000729	07/22/2024	VulDB…	cve_nvd_summaryes	Se encontró una vulnerabilidad en SourceCodester Clinics Patient Management System 1.0. Ha sido declarada crítica. Esta vulnerabilidad afecta al código desconocido del archivo /print_patients_visits.php. La manipulación del argumento from/to conduce a la inyección SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-272122 es el identificador asignado a esta vulnerabilidad.	cve.org	07/22/2024	accepted	99
16994988	07/22/2024	VulDB…	cvss3_meta_tempscore	6.0	see CVSS documentation	07/22/2024	accepted	80
16994987	07/22/2024	VulDB…	cvss2_cna_basescore	6.5	see CVSS documentation	07/22/2024	accepted	99
16994986	07/22/2024	VulDB…	cvss2_cna_ai	P	see CVSS documentation	07/22/2024	accepted	99
16994985	07/22/2024	VulDB…	cvss2_cna_ii	P	see CVSS documentation	07/22/2024	accepted	99
16994984	07/22/2024	VulDB…	cvss2_cna_ci	P	see CVSS documentation	07/22/2024	accepted	99
16994983	07/22/2024	VulDB…	cvss2_cna_au	S	see CVSS documentation	07/22/2024	accepted	99
16994982	07/22/2024	VulDB…	cvss2_cna_ac	L	see CVSS documentation	07/22/2024	accepted	99
16994981	07/22/2024	VulDB…	cvss2_cna_av	N	see CVSS documentation	07/22/2024	accepted	99

66 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 66 results.

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!