CVE-2022-30011 — SQL Injection in Management System Project Hospital Management System

Severity

9.8CRITICALNVD

EPSS

1.3%

top 20.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 16

Latest updateMay 17

Description

In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

GHSA

GHSA-p73c-xh59-98jx: In HMS 1↗2022-05-17

▶

CVEList

CVE-2022-30011: In HMS 1↗2022-05-16

▶