Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users can be displayed.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-01-24T13:11:53

Updated: 2024-08-03T03:07:50.396Z

Reserved: 2022-01-03T00:00:00

Link: CVE-2022-22296

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-24T14:15:07.737

Modified: 2024-11-21T06:46:35.177

Link: CVE-2022-22296

cve-icon Redhat

No data.