CVE-2022-4013 MEDIUM

CVE-2022-4013: Hospital Management Center appointment.php cross-site request forgery

Vendor Unspecified

Product Hospital Management Center

Weakness CWE-863 · Incorrect authorization

Published November 16, 2022

Last update April 15, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787.

Key dates

02Disclosure timeline

November 16, 2022 CVE published

April 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-4013

Related vulnerabilities

04Related CVE

CVE-2024-1482 Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution CVE-2024-58260 Rancher update on users can deny the service to the admin CVE-2026-45672 Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed CVE-2026-31991 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Leakage in Signal Group Allowlist CVE-2021-34647 Ninja Forms <= 3.5.7 Sensitive Information Disclosure