CVE-2024-10449

HIGH

Codezips Hospital Appointment System 1.0 - SQL Injection via Username Parameter in /loginAction.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-10449. PoCs published by g-u-i-d.

AI-analyzed exploit summary

This repository provides a patched version of `loginAction.php` to mitigate CVE-2024-10449, which appears to be an SQL injection vulnerability in a hospital management system. The patch uses prepared statements to prevent SQLi, but the README lacks technical details about the original vulnerability.

Description

A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. Manipulation of the argument Username leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WRITEUP
by g-u-i-d · poc
https://github.com/g-u-i-d/CVE-2024-10449-patch


Classification: Writeup (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Hospital Management System (version unspecified)
Authentication: none required
Prerequisites: Access to the login endpoint · Knowledge of SQLi techniques
Analyzed by devstral-2 on Feb 18, 2026

References (4)

Core References (4)

Third Party Advisory, VDB Entry (technical description)
https://vuldb.com/?id.282009

Permissions Required, VDB Entry (signature)
https://vuldb.com/?ctiid.282009

Third Party Advisory, VDB Entry
https://vuldb.com/?submit.432564

Exploit, Third Party Advisory (issue tracking)
https://github.com/ppp-src/CVE/issues/25

Scores

CVSS v3: 7.3
EPSS: 0.0137
EPSS Percentile: 68.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (1): codezips/hospital_appointment_system 1.0
Published: Oct 28, 2024
Tracked Since: Feb 18, 2026