Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-38637 — SQL Injection in Management System Project Hospital Management System

CWE-89 — SQL Injection4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

31.4%

top 3.22%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Hospital Management System Project Hospital Management System

Timeline

PublishedSep 13

Latest updateSep 14

Description

Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDhospital_management_system_project/hospital_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-rm29-qf4c-w4xx: Hospital Management System v1↗2022-09-14

▶

CVEList

CVE-2022-38637: Hospital Management System v1↗2022-09-13

▶

💥Exploits & PoCs

Nuclei

Hospital Management System 1.0 - SQL Injection

▶