Vulnerabilities > CVE-2022-22854 - Missing Authorization vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

hospital-s-patient-records-management-system-project

CWE-862

NVD

Published: 2022-02-14

Updated: 2022-03-30

Summary

An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list.

Vulnerable Configurations

Part	Description	Count
Application	Hospital\'S_Patient_Records_Management_System_Project Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://github.com/Dheeraj-Deshmukh/Hospital-s-patient-management-system