CVE-2024-11057 MEDIUM

CVE-2024-11057: Codezips Hospital Appointment System removeBranchResult.php sql injection

Vendor Codezips
Product Hospital Appointment System
Weakness CWE-89 · SQLi
Published November 10, 2024
Last update November 12, 2024
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability has been found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /removeBranchResult.php. The manipulation of the argument ID/Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

November 10, 2024 CVE published
November 12, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-1670 School Management System – WPSchoolPress <= 2.2.16 - Authenticated (Parent+) SQL Injection CVE-2025-5576 PHPGurukul Dairy Farm Shop Management System bwdate-report-details.php sql injection CVE-2025-10660 WP Dashboard Chat <= 1.0.3 - Authenticated (Contributor+) SQL Injection via id CVE-2025-11603 code-projects Simple Food Ordering System editproduct.php sql injection CVE-2024-6042 itsourcecode Real Estate Management System property-detail.php sql injection