mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-30 02:00:45 +00:00
745 B
745 B
CVE-2022-29938
Description
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.
POC
Reference
- https://nitroteam.kz/index.php?action=researches&slug=librehealth_r
- https://nitroteam.kz/index.php?action=researches&slug=librehealth_r
Github
No PoCs found on GitHub currently.