CVE-2024-28320 — Authorization Bypass Through User-Controlled Key in Hospital Management System
Severity
7.6 HIGH (NVD)
EPSS
0.1%
top 64.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Apr 29
Description
An Insecure Direct Object Reference (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via a crafted POST request to /patient/edit-user.php.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Exploitability: 2.1 | Impact: 5.5