Salah Tayeh

CVE-2024-11073 WRITEUP MEDIUM WRITEUP

Hospital Management System 1.0 - Unauthenticated IDOR via Patient ID

A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. This affects an unknown part of the file /vm/patient/delete-account.php. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 4.3

View Code

CVE-2024-11102 WRITEUP LOW WRITEUP

Hospital Management System 1.0 - Stored Cross-Site Scripting via Edit Doctor Name Parameter

A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS 3.5

View Code