CVE-2024-12976: CodeZips Hospital Management System staff.php sql injection
First published: Fri Dec 27 2024(Updated: )
A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hospital Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-12976?
CVE-2024-12976 has been classified as critical due to the potential for remote SQL injection.
How do I fix CVE-2024-12976?
To fix CVE-2024-12976, sanitize and validate all user inputs, particularly the 'tel' argument in /staff.php.
What impact does CVE-2024-12976 have on systems?
CVE-2024-12976 may allow attackers to perform unauthorized SQL commands, potentially compromising sensitive data.
Is CVE-2024-12976 exploitable through the internet?
Yes, CVE-2024-12976 can be exploited remotely, making it a high-risk vulnerability for exposed systems.
Which software is affected by CVE-2024-12976?
CVE-2024-12976 affects CodeZips Hospital Management System version 1.0.
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/codezips
- canonical/hospital management system