CVE-2024-7751

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 13, 2024

Updated: Aug 19, 2024

CWE ID 89

Summary

CVE-2024-7751 is a critical vulnerability affecting the SourceCodester Clinics Patient Management System 1.0. The issue lies within an unspecified functionality of the file /update_medicine.php and results in SQL injection. By manipulating the argument hidden_id, attackers can execute malicious SQL statements, potentially gaining unauthorized access or data theft. This vulnerability can be exploited remotely, meaning an attacker does not need to be physically present on the system to launch an attack. The exploit for this vulnerability has been made public, increasing the risk for potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xudQ8s
https://www.cve.org/CVERecord?id=CVE-2024-7751
https://nvd.nist.gov/vuln/detail/CVE-2024-7751

Back to Vulnerability Database

CVE-2024-7751

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations