CVE-2024-28320

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-28320
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via crafted POST request to /patient/edit-user.php.

7.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://packetstormsecurity.com/files/177326/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-Account-Takeover.html Exploit Third Party Advisory
https://sospiro014.github.io/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-+-Account-Takeover Exploit Third Party Advisory
https://packetstormsecurity.com/files/177326/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-Account-Takeover.html Exploit Third Party Advisory
https://sospiro014.github.io/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-+-Account-Takeover Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mayurik:hospital_management_system:1.0:*:*:*:*:*:*:*
History

01 Apr 2025, 14:50

Type Values Removed Values Added
First Time Mayurik
Mayurik hospital Management System
References () https://packetstormsecurity.com/files/177326/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-Account-Takeover.html - () https://packetstormsecurity.com/files/177326/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-Account-Takeover.html - Exploit, Third Party Advisory
References () https://sospiro014.github.io/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-+-Account-Takeover - () https://sospiro014.github.io/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-+-Account-Takeover - Exploit, Third Party Advisory
CPE cpe:2.3:a:mayurik:hospital_management_system:1.0:*:*:*:*:*:*:*

21 Nov 2024, 09:06

Type Values Removed Values Added
References () https://packetstormsecurity.com/files/177326/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-Account-Takeover.html - () https://packetstormsecurity.com/files/177326/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-Account-Takeover.html -
References () https://sospiro014.github.io/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-+-Account-Takeover - () https://sospiro014.github.io/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-+-Account-Takeover -

03 Jul 2024, 01:51

Type Values Removed Values Added
CWE CWE-639
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.6
Summary
  • (es) La vulnerabilidad de referencias directas a objetos inseguras (IDOR) en Hospital Management System 1.0 permite a los atacantes manipular parámetros de usuario para acceso no autorizado y modificaciones a través de una solicitud POST manipulada a /patient/edit-user.php.

29 Apr 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-29 18:15

Updated : 2025-04-01 14:50

NVD link : CVE-2024-28320

Mitre link : CVE-2024-28320

CVE.ORG link : CVE-2024-28320

JSON object : View

Products Affected

mayurik

  • hospital_management_system
CWE
CWE-639

Authorization Bypass Through User-Controlled Key