CVE-2024-28320

HIGH

Hospital Management System 1.0 - Authorization Bypass via Patient Edit User Endpoint

Title source: llm

Description

An Insecure Direct Object Reference (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via a crafted POST request to /patient/edit-user.php.

Scores

CVSS v3: 7.6
EPSS: 0.0053
EPSS Percentile: 40.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-639
Status: published
Products (1): mayurik/hospital_management_system 1.0
Published: Apr 29, 2024
Tracked Since: Feb 18, 2026