CVE-2024-8080

MEDIUM

SourceCodester Online Health Care System 1.0 - SQL Injection

Title source: llm
STIX 2.1

Description

A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument f_name with the input 1%' or 1=1 ) UNION SELECT 1,2,3,4,5,database(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23# as part of string leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References (5)

Core 5
Core References
Permissions Required, Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.275562
Permissions Required, Third Party Advisory, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.275562
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.395465

Scores

CVSS v3 6.3
EPSS 0.0062
EPSS Percentile 45.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
online_health_care_system_project/online_health_care_system 1.0
Published Aug 22, 2024
Tracked Since Feb 18, 2026