A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| Link | Resource |
|---|---|
| https://code-projects.org/ | Product |
| https://github.com/keepgoing2077/cve/issues/1 | Exploit Third Party Advisory Issue Tracking |
| https://vuldb.com/?ctiid.278204 | Permissions Required VDB Entry |
| https://vuldb.com/?id.278204 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.411119 | Third Party Advisory VDB Entry |
Configurations
History
04 Apr 2025, 14:37
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:code-projects:patient_record_management_system:1.0:*:*:*:*:*:*:* | |
| First Time |
Code-projects patient Record Management System
Code-projects |
|
| References | () https://code-projects.org/ - Product | |
| References | () https://github.com/keepgoing2077/cve/issues/1 - Exploit, Third Party Advisory, Issue Tracking | |
| References | () https://vuldb.com/?ctiid.278204 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.278204 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.411119 - Third Party Advisory, VDB Entry |
Information
Published : 2024-09-20 15:15
Updated : 2025-04-04 14:37
NVD link : CVE-2024-9034
Mitre link : CVE-2024-9034
CVE.ORG link : CVE-2024-9034
JSON object : View
Products Affected
code-projects
- patient_record_management_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')