CVE-2022-48120

CRITICAL

Hospital Management System < 2021-03-13 - SQL Injection via Contact and Doctor Parameters

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php.

References (1)

Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/kishan0725/Hospital-Management-System/issues/32

Scores

CVSS v3 9.8
EPSS 0.0087
EPSS Percentile 54.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
hospital_management_system_project/hospital_management_system < 2021-03-13
Published Jan 20, 2023
Tracked Since Feb 18, 2026