CVE-2024-23747

HIGH

ModernaNet Hospital Management System 2024 - Insecure Direct Object Reference via Laudo ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-23747. PoCs published by louiselalanne.

AI-analyzed exploit summary The repository describes an Insecure Direct Object Reference (IDOR) vulnerability in Moderna Sistemas ModernaNet Hospital Management System 2024, allowing unauthorized access to sensitive medical information via manipulated URL parameters. It includes technical details and screenshots but lacks functional exploit code.

Description

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information.

Exploits (1)

nomisec WRITEUP

by louiselalanne · poc

https://github.com/louiselalanne/CVE-2024-23747

View Code ZIP pw:eip

The repository describes an Insecure Direct Object Reference (IDOR) vulnerability in Moderna Sistemas ModernaNet Hospital Management System 2024, allowing unauthorized access to sensitive medical information via manipulated URL parameters. It includes technical details and screenshots but lacks functional exploit code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Moderna Sistemas ModernaNet Hospital Management System 2024

No auth needed

Prerequisites: Access to the target URL endpoint

MITRE ATT&CK

T1222 - File and Directory Permissions Modification

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/louiselalanne/CVE-2024-23747

Product

https://modernasistemas.com.br/sitems/

Scores

CVSS v3 7.5

EPSS 0.0069

EPSS Percentile 48.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (1)

modernasistemas/modernanet_hospital_management_system_2024

Published Jan 29, 2024

Tracked Since Feb 18, 2026