Clinic S Patient Management System
CVE-2024-7753
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (vuldb) · only source for this CVE.
CVSS VectorVendor: vuldb
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user_images/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-425. A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user_images/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Affected products include: Oretnom23 Clinic\'S Patient Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via p
A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Ra
Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=. Rated critical seve
Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php. Rated critical severity
A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Rated
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated high severity (CVSS 8.8), this
A vulnerability was found in SourceCodesters Clinics Patient Management System 2.0. Rated medium severity (CVSS 6.9), th
A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. Rated medium severity (CVSS 6.9), thi
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated medium severity (CVSS 6.9), thi
Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php. Rated medium sever
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated critical severity (CVSS 9.8), t
A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Rated critical sev
Same weakness CWE-425 – Direct Request ('Forced Browsing')
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today