Crit PHPGurukul DMMS 1.0 Remote RFI via editid in view-appointment-detail.php
CVE-2024-4294 Published on April 27, 2024
PHPGurukul Doctor Appointment Management System view-appointment-detail.php resource injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the argument editid leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262226 is the identifier assigned to this vulnerability.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Type
What is an Insecure Direct Object Reference Vulnerability?
The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
CVE-2024-4294 has been classified as an Insecure Direct Object Reference vulnerability or weakness.
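As an added illustration of this weakness class (not code from PHPGurukul, VulDB or this advisory), the following hypothetical PHP snippet shows an appointment lookup keyed only on the request's editid beside a version that validates the identifier and scopes the query to the owner held in the server-side session; the table, column and session names are assumptions.

```php
<?php
// Hypothetical illustration of an IDOR on an "editid" request parameter.
// Table/column names (tblappointment, ID, DoctorID), the session key and the
// DSN are assumptions, not taken from the PHPGurukul source.
session_start();

function lookupVulnerable(PDO $pdo, string $editid): ?array {
    // Weak: the identifier alone decides which row is returned, so any
    // logged-in doctor can read another doctor's appointment by changing it.
    $stmt = $pdo->prepare("SELECT * FROM tblappointment WHERE ID = :id");
    $stmt->execute([':id' => $editid]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

function lookupHardened(PDO $pdo, string $editid, int $doctorId): ?array {
    // Hardened: check the identifier's shape, then bind the lookup to the
    // resource owner taken from the session, never from the request.
    if (!ctype_digit($editid)) {
        return null;
    }
    $stmt = $pdo->prepare(
        "SELECT * FROM tblappointment WHERE ID = :id AND DoctorID = :doc"
    );
    $stmt->execute([':id' => (int) $editid, ':doc' => $doctorId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Usage with an assumed session layout: refuse unless the row belongs
// to the authenticated doctor, and answer a missing row the same way
// as a foreign one so the response does not leak which ids exist.
if (empty($_SESSION['doctor_id'])) {
    http_response_code(403);
    exit('not authorised');
}
$pdo = new PDO('mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER', 'USER', 'PASS');
$row = lookupHardened($pdo, $_GET['editid'] ?? '', (int) $_SESSION['doctor_id']);
if ($row === null) {
    http_response_code(404);
    exit('no such appointment for this account');
}
```

The ownership clause is the fix; prepared statements alone do not prevent this class of bug, since the vulnerable function is already parameterised.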
Products Associated with CVE-2024-4294
Affected Versions
PHPGurukul Doctor Appointment Management System Version 1.0 is affected by CVE-2024-4294.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.