Skip to main content

Clinic S Patient Management System CVE-2024-7753

MEDIUM
Direct Request ('Forced Browsing') (CWE-425)
2024-08-14 cna@vuldb.com
6.9
CVSS 4.0 · Vendor: vuldb
Share

Severity by source

Vendor (vuldb) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (vuldb) · only source for this CVE.

CVSS VectorVendor: vuldb

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Aug 14, 2024 - 01:15 cve.org
MEDIUM 6.9

DescriptionCVE.org

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user_images/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-425. A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user_images/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Affected products include: Oretnom23 Clinic\'S Patient Management System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-40471 CRITICAL POC
9.8 Oct 31

Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via p

CVE-2022-2297 HIGH POC
8.8 Jul 12

A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Ra

CVE-2022-36750 CRITICAL POC
9.8 Aug 10

Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=. Rated critical seve

CVE-2022-36270 CRITICAL POC
9.8 Aug 10

Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php. Rated critical severity

CVE-2022-2298 CRITICAL POC
9.8 Jul 12

A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Rated

CVE-2023-1035 HIGH POC
8.8 Feb 25

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated high severity (CVSS 8.8), this

CVE-2024-8565 MEDIUM POC
6.9 Sep 07

A vulnerability was found in SourceCodesters Clinics Patient Management System 2.0. Rated medium severity (CVSS 6.9), th

CVE-2024-8555 MEDIUM POC
6.9 Sep 07

A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. Rated medium severity (CVSS 6.9), thi

CVE-2024-7645 MEDIUM POC
6.9 Aug 12

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated medium severity (CVSS 6.9), thi

CVE-2022-36251 MEDIUM POC
6.1 Aug 22

Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php. Rated medium sever

CVE-2022-3122 CRITICAL
9.8 Sep 05

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated critical severity (CVSS 9.8), t

CVE-2022-3120 CRITICAL
9.8 Sep 05

A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Rated critical sev

Share

CVE-2024-7753 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy