CVE-2024-23747

HIGH

Modernasistemas Modernanet Hospital Management System 2024 - IDOR

Title source: rule

Description

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information.

Exploits (1)

nomisec WRITEUP

by louiselalanne · poc

https://github.com/louiselalanne/CVE-2024-23747

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/louiselalanne/CVE-2024-23747

[Product] https://modernasistemas.com.br/sitems/

Scores

CVSS v3 7.5

EPSS 0.0098

EPSS Percentile 76.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (1)

modernasistemas/modernanet_hospital_management_system_2024

Published Jan 29, 2024

Tracked Since Feb 18, 2026