CVE-2024-4257

MEDIUM NUCLEI

BlueNet Technology Clinical Browsing System 1.2.1 - SQL Injection

Title source: llm

Description

A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262149 was assigned to this vulnerability.

Nuclei Templates (1)

BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection

MEDIUMVERIFIEDby s4e-io

FOFA: app="LANWON-临床浏览系统"

References (4)

[Exploit, Third Party Advisory] https://github.com/GAO-UNO/cve/blob/main/sql.md

View Exploit ZIP pw:eip

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.262149

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.262149

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.321338

Scores

CVSS v3 6.3

EPSS 0.9213

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-89

Status published

Products (1)

bluenettechnology/clinical_browsing_system 1.2.1

Published Apr 27, 2024

Tracked Since Feb 18, 2026