CVE-2024-10791 | Codezips Hospital Appointment System 1.0 /doctorAction.php Name sql injection

Posted by Angelo Barbosa | Nov 4, 2024 | CVE

A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection.

The identification of this vulnerability is CVE-2024-10791. The attack may be initiated remotely. Furthermore, there is an exploit available.

The initial researcher advisory mentions contradicting file and parameter names to be affected.

CVE-2024-10791 | Codezips Hospital Appointment System 1.0 /doctorAction.php Name sql injection

Related Posts

CVE-2016-15038 | NUUO NVRmini 2 up to 3.0.8 /deletefile.php filename path traversal (Exploit 40214)

CVE-2024-4518 | Campcodes Complete Web-Based School Management 1.0 teacher_salary_invoice.php desc cross site scripting

CVE-2024-34538 | Mateso PasswordSafe up to 8.13.9.26689 risky encryption

CVE-2023-43304 | Park Dandan mini-app on Line 13.6.1 Channel Access Token information disclosure