Exploit for BlueNet Technology Clinical Browsing System 1.2.1 - SQL Injection (CVE-2024-4257)

Description:

A vulnerability classified as critical was found in BlueNet Technology Clinical Browsing System 1.2.1. It affects an unknown part of the file /xds/deleteStudy.php: manipulation of the documentUniqueId argument leads to SQL injection. The attack can be initiated remotely.

Nuclei Template

View the template here: CVE-2024-4257.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-4257.yaml

References:

https://github.com/GAO-UNO/cve/blob/main/sql.md
https://nvd.nist.gov/vuln/detail/CVE-2024-4257
https://vuldb.com/?submit.321338