Skip to content
/ CVE-2024-23747 Public

Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

louiselalanne/CVE-2024-23747

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 

Repository files navigation

CVE-2024-23747

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability.

PoC

This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URL. Bymanipulating this id parameter, an attacker can gain access to sensitive medical information.

http://IP/Modernanet/LAUDO/LAU0000100/Laudo?id=NUMBER

Captura de tela 2024-01-26 061042

You don't need to be logged in to see the results.

Bonus

It was possible to access this hospital's user account because of weak credentials that can be obtained through this IDOR.

image

Reference

https://modernasistemas.com.br/sitems/

About

Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published