Vulnerability-Lookup

CNVD-2023-64629

Vulnerability from cnvd - Published: 2023-08-24

Title

Hospital Management System SQL注入漏洞（CNVD-2023-64629）

Description

Hospital Management System（HMS）是一种计算机系统，可以帮助管理与医疗保健相关的信息，并帮助医疗保健提供者有效地完成工作。 Hospital Management System V1.0版本存在SQL注入漏洞，该漏洞源于应用程序无法在登录过程中正确验证用户在登录ID和密码字段中提供的输入，攻击者可利用该漏洞能够注入恶意SQL代码。

Severity

高

Patch Name

Hospital Management System SQL注入漏洞（CNVD-2023-64629）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://code-projects.org/online-hospital-management-system-in-php-with-source-code/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-37069

Impacted products

Name
Hospital Management System Hospital Management System v1.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-37069",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-37069"
    }
  },
  "description": "Hospital Management System\uff08HMS\uff09\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u7cfb\u7edf\uff0c\u53ef\u4ee5\u5e2e\u52a9\u7ba1\u7406\u4e0e\u533b\u7597\u4fdd\u5065\u76f8\u5173\u7684\u4fe1\u606f\uff0c\u5e76\u5e2e\u52a9\u533b\u7597\u4fdd\u5065\u63d0\u4f9b\u8005\u6709\u6548\u5730\u5b8c\u6210\u5de5\u4f5c\u3002\n\nHospital Management System V1.0\u7248\u672c\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u65e0\u6cd5\u5728\u767b\u5f55\u8fc7\u7a0b\u4e2d\u6b63\u786e\u9a8c\u8bc1\u7528\u6237\u5728\u767b\u5f55ID\u548c\u5bc6\u7801\u5b57\u6bb5\u4e2d\u63d0\u4f9b\u7684\u8f93\u5165\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u80fd\u591f\u6ce8\u5165\u6076\u610fSQL\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://code-projects.org/online-hospital-management-system-in-php-with-source-code/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-64629",
  "openTime": "2023-08-24",
  "patchDescription": "Hospital Management System\uff08HMS\uff09\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u7cfb\u7edf\uff0c\u53ef\u4ee5\u5e2e\u52a9\u7ba1\u7406\u4e0e\u533b\u7597\u4fdd\u5065\u76f8\u5173\u7684\u4fe1\u606f\uff0c\u5e76\u5e2e\u52a9\u533b\u7597\u4fdd\u5065\u63d0\u4f9b\u8005\u6709\u6548\u5730\u5b8c\u6210\u5de5\u4f5c\u3002\r\n\r\nHospital Management System V1.0\u7248\u672c\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u65e0\u6cd5\u5728\u767b\u5f55\u8fc7\u7a0b\u4e2d\u6b63\u786e\u9a8c\u8bc1\u7528\u6237\u5728\u767b\u5f55ID\u548c\u5bc6\u7801\u5b57\u6bb5\u4e2d\u63d0\u4f9b\u7684\u8f93\u5165\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u80fd\u591f\u6ce8\u5165\u6076\u610fSQL\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Hospital Management System SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2023-64629\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Hospital Management System Hospital Management System v1.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-37069",
  "serverity": "\u9ad8",
  "submitTime": "2023-08-14",
  "title": "Hospital Management System SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2023-64629\uff09"
}

CVE-2023-37069 (GCVE-0-2023-37069)

Vulnerability from cvelistv5 – Published: 2023-08-10 00:00 – Updated: 2024-10-09 20:37

Summary

Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://code-projects.org/online-hospital-managem…
	https://github.com/Mr-Secure-Code/My-CVE/blob/mai…
	https://github.com/riteshs4hu/My-CVE/blob/main/CV…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:10.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://code-projects.org/online-hospital-management-system-in-php-with-source-code/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37069-Exploit.md"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37069",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T20:37:24.556446Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T20:37:39.585Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-24T15:17:42.091Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://code-projects.org/online-hospital-management-system-in-php-with-source-code/"
        },
        {
          "url": "https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37069-Exploit.md"
        },
        {
          "url": "https://github.com/riteshs4hu/My-CVE/blob/main/CVE-2023-37069-Exploit.md"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-37069",
    "datePublished": "2023-08-10T00:00:00.000Z",
    "dateReserved": "2023-06-28T00:00:00.000Z",
    "dateUpdated": "2024-10-09T20:37:39.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2023-64629

CVE-2023-37069 (GCVE-0-2023-37069)

Tags

Sightings

Nomenclature