CVE-2024-7494
Published: 2024-08-05
CVE-2024-7494: A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is some…
Priority P356 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% (41.9th percentile)
A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is some unknown functionality of the file /new_prescription.php. The manipulation of the argument patient leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273620.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oretnom23 | clinic_s_patient_management_system | — | — |
| sourcecodester | clinics_patient_management_system | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 5.5 | MEDIUM | — |
GHSA
GHSA-ph35-p7mp-cgxf: A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1
ghsa_unreviewed·2024-08-06
CVE-2024-7494 [MEDIUM] CWE-89 GHSA-ph35-p7mp-cgxf: A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1
A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is some unknown functionality of the file /new_prescription.php. The manipulation of the argument patient leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273620.
Red Hat
kernel: mm: use memalloc_nofs_save() in page_cache_ra_order()
vendor_redhat·2024-05-30·CVSS 5.5
CVE-2024-36882 [MEDIUM] CWE-833 kernel: mm: use memalloc_nofs_save() in page_cache_ra_order()
In the Linux kernel, the following vulnerability has been resolved:
mm: use memalloc_nofs_save() in page_cache_ra_order()
See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"),
ensure that page_cache_ra_order() do not attempt to reclaim file-backed
pages too, or it leads to a deadlock, found issue when test ext4 large
folio.
INFO: task DataXceiver for:7494 blocked for more than 120 seconds.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200
Call trace:
__switch_to+0x14c/0x240
__schedule+0x82c/0xdd0
schedule+0x58/0xf0
io_schedule+0x24/0xa0
__folio_lock+0x130/0x300
migrate_pages_batch+0x378/0x918
migrate_pages+0x350/0x7
Suricata
ET EXPLOIT Samba Arbitrary Module Loading Vulnerability M2 (NT Create AndX .so) (CVE-2017-7494)
suricata·2017-06-16·CVSS 9.8
CVE-2017-7494 [CRITICAL] ET EXPLOIT Samba Arbitrary Module Loading Vulnerability M2 (NT Create AndX .so) (CVE-2017-7494)
Rule: alert tcp any any -> $HOME_NET 445 (msg:"ET EXPLOIT Samba Arbitrary Module Loading Vulnerability M2 (NT Create AndX .so) (CVE-2017-7494)"; flow:established,to_server; content:"SMB"; offset:5; depth:3; content:"|05 00|"; distance:8; within:2; content:"|00 2e 00 73 00 6f 00|"; fast_pattern; endswith; reference:cve,2017-7494; classtype:attempted-admin; sid:2024384; rev:4; metadata:affected_product Linux, attack_target Server, created_at 2017_06_16, cve CVE_2017_7494, deployment Perimeter, deployment Internal, performance_impact Moderate, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2024_03_07;)
Suricata
ET EXPLOIT Samba Arbitrary Module Loading Vulnerability (.so file write to share) (CVE-2017-7494)
suricata·2017-05-25·CVSS 9.8
CVE-2017-7494 [CRITICAL] ET EXPLOIT Samba Arbitrary Module Loading Vulnerability (.so file write to share) (CVE-2017-7494)
Rule: alert tcp any any -> $HOME_NET 445 (msg:"ET EXPLOIT Samba Arbitrary Module Loading Vulnerability (.so file write to share) (CVE-2017-7494)"; flow:established,to_server; content:"SMB|2d 00|"; offset:5; depth:5; content:"|00 00|"; distance:1; within:2; content:"|12 00|"; distance:40; within:2; content:"|2e|so|00|"; fast_pattern; distance:16; reference:cve,2017-7494; reference:url,github.com/rapid7/metasploit-framework/pull/8450; classtype:attempted-admin; sid:2024335; rev:2; metadata:attack_target SMB_Server, created_at 2017_05_25, cve CVE_2017_7494, deployment Datacenter, performance_impact Low, signature_severity Critical, tag CISA_KEV, updated_at 2024_03_07;)
Suricata
ET EXPLOIT Samba Arbitrary Module Loading Vulnerability (NT Create AndX .so) (CVE-2017-7494)
suricata·2017-05-25·CVSS 9.8
CVE-2017-7494 [CRITICAL] ET EXPLOIT Samba Arbitrary Module Loading Vulnerability (NT Create AndX .so) (CVE-2017-7494)
Rule: alert tcp any any -> $HOME_NET 445 (msg:"ET EXPLOIT Samba Arbitrary Module Loading Vulnerability (NT Create AndX .so) (CVE-2017-7494)"; flow:established,to_server; content:"SMB|a2 00|"; offset:5; depth:5; content:"|00 00|"; distance:1; within:2; content:"|2e|so|00|"; fast_pattern; distance:16; reference:cve,2017-7494; reference:url,github.com/rapid7/metasploit-framework/pull/8450; classtype:attempted-admin; sid:2024336; rev:2; metadata:attack_target SMB_Server, created_at 2017_05_25, cve CVE_2017_7494, deployment Datacenter, performance_impact Low, signature_severity Critical, tag CISA_KEV, updated_at 2024_03_07;)
No public exploits indexed.
No writeups or analysis indexed.
2024-08-05
Published