Vulnerability Details CVE-2022-22296
Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users can be displayed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.6%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2022-22296
-
Hospital's Patient Records Management System Project » Hospital's Patient Records Management System » Version: 1.0cpe:2.3:a:hospital's_patient_records_management_system_project:hospital's_patient_records_management_system:1.0