E-Health Care System 1.0 suffers from Critical SQL Injection (CVE-2024-10967)

2024-11-26


A critical SQL injection vulnerability (CVE-2024-10967) has been identified in an unknown function within the file `/Doctor/delete_user_appointment_request.php` of the E-Health Care System 1.0 software. The `id` argument is not handled safely, so crafted input in that argument ends up in a SQL statement, allowing attackers to remotely manipulate the application's data. The exploit details are publicly available, increasing the risk of attacks.

Vulnerability Details:

Platform: E-Health Care System
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: November 7, 2024 (Published by NIST)

What Undercode Says:

This critical vulnerability poses a significant risk to E-Health Care System users. Attackers can exploit this flaw to gain unauthorized access to sensitive data or disrupt system functionality. It’s crucial to patch your E-Health Care System installation immediately to mitigate this risk.

Additional Notes:

The NIST National Vulnerability Database (NVD) assigned a CVSS v4.0 base score of 6.9 (Medium) to this vulnerability.
The specific function affected within `/Doctor/delete_user_appointment_request.php` is not publicly known.

It is recommended to update E-Health Care System to the latest version as soon as possible to address this vulnerability.
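
Access logs can be reviewed for requests to the affected file whose `id` value is not a plain integer. The Python script below is an added example, not code from the vendor or from NVD; it assumes common/combined log format, that `id` is visible in the query string, and that legitimate values are decimal integers. The sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# File path and parameter name as given in the advisory.
TARGET_PATH = "/Doctor/delete_user_appointment_request.php"
PARAM = "id"

# Assumption: common/combined access-log format (Apache, nginx).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<target>\S+) ')
# Assumption: a legitimate appointment id is a short decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")


def suspicious_requests(lines):
    """Return (ip, timestamp, raw_query) for each request to the affected
    file whose query string carries an `id` that is not a plain integer."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # endswith: the application may be installed under a URL prefix.
        if not unquote(url.path).lower().endswith(TARGET_PATH.lower()):
            continue
        # parse_qs percent-decodes once, as PHP does, and keeps every
        # occurrence; PHP uses the last duplicate, so all must be valid.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        # No `id` in the query string (e.g. sent in a POST body) cannot be
        # judged from an access log, so such requests are not reported.
        if values and not all(VALID_ID.fullmatch(v) for v in values):
            findings.append((m["ip"], m["ts"], url.query))
    return findings


# Constructed sample log lines (documentation IP ranges, invented values).
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Nov/2024:10:01:22 +0000] "GET /Doctor/delete_user_appointment_request.php?id=15 HTTP/1.1" 302 0',
    '198.51.100.7 - - [12/Nov/2024:10:03:41 +0000] "GET /Doctor/delete_user_appointment_request.php?id=15%27 HTTP/1.1" 500 0',
    '198.51.100.7 - - [12/Nov/2024:10:03:44 +0000] "GET /ehealth/Doctor/delete_user_appointment_request.php?id=4&id=4%20x HTTP/1.1" 200 0',
    '203.0.113.10 - - [12/Nov/2024:10:05:02 +0000] "GET /Doctor/index.php?id=abc HTTP/1.1" 200 512',
    '203.0.113.10 - - [12/Nov/2024:10:06:30 +0000] "POST /Doctor/delete_user_appointment_request.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, ts, query in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} non-integer {PARAM}: {query!r}")
```

Requests that carry `id` in a POST body do not appear in a standard access log and need request-body logging or a WAF rule to be covered.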

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
