CVE-2022-38637 PoC — Hospital Management System SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-38637.yaml

Associated Vulnerability

Title:Hospital Management System SQL注入漏洞 (CVE-2022-38637)
Description:Hospital Management System（HMS）是一种计算机系统，可以帮助管理与医疗保健相关的信息，并帮助医疗保健提供者有效地完成工作。 Hospital Management System v1.0 版本存在SQL注入漏洞，该漏洞源于登录页面上的Username 和 Password 参数存在安全问题，攻击者利用该漏洞可以可以从数据库中读取敏感数据、修改数据库数据等。

Description

Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/user-login.php.  An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.

File Snapshot


 id: CVE-2022-38637

info:
  name: Hospital Management System 1.0 - SQL Injection
  author: arafatans

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!