CVE-2024-28320

Description

Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via crafted POST request to /patient/edit-user.php.

References

https://sospiro014.github.io/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-+-Account-Takeover

https://packetstormsecurity.com/files/177326/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-Account-Takeover.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

EPSS