CVE-2022-30012: SQL Injection
First published: Mon May 16 2022(Updated: )
In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hospital Management System Project Hospital Management System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this HMS vulnerability?
The vulnerability ID for this HMS vulnerability is CVE-2022-30012.
What is the severity rating of CVE-2022-30012?
CVE-2022-30012 has a severity rating of 7.5 (High).
Which software version is affected by CVE-2022-30012?
The Hospital Management System version 1.0 is affected by CVE-2022-30012.
What is the CWE-ID of CVE-2022-30012?
The CWE-ID of CVE-2022-30012 is CWE-89.
How can an attacker exploit this vulnerability?
An attacker can exploit CVE-2022-30012 by injecting malicious SQL queries into the parameters of the appointment.php page, potentially gaining unauthorized access to the database.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/hospital management system project
- canonical/hospital management system project hospital management system
- version/hospital management system project hospital management system/1.0