CVE-2022-48120

moderate-risk
Published 2023-01-20

SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php.

Do I need to act?

-
0.34% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Hospital Management System Project

References (2)

Exploit https://github.com/kishan0725/Hospital-Management-System/issues/32
Exploit https://github.com/kishan0725/Hospital-Management-System/issues/32
38
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal