CVE-2024-12947

6.3 MEDIUM

📋 TL;DR

This SQL injection vulnerability (scored 6.3, Medium) in Codezips Hospital Management System 1.0 lets a remote, unauthenticated attacker inject arbitrary SQL through the 'dname' parameter of /invo.php. A successful attacker can read, modify, or delete the contents of the application database, including sensitive hospital data. Every installation of version 1.0 is affected.

💻 Affected Systems

Products:
  • Codezips Hospital Management System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable code is present in a default installation. The public description names only 'dname'; other parameters handled by /invo.php have not been shown to be safe and should be reviewed with it.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including patient records, medical data, financial information, and administrative credentials leading to data breach, system takeover, and potential ransomware deployment.

🟠 Likely Case

Unauthorized access to sensitive patient data, modification of billing records, extraction of personal information, and potential privilege escalation within the system.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A proof of concept is public on GitHub, so weaponizing this takes little effort: the injection point is a single GET parameter, the payloads are textbook, and no authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

1. Check the vendor's website for a release that addresses this issue
2. Apply any available patch
3. Test /invo.php and the workflows that use it after patching
4. Monitor the application and database logs for regressions

No fixed version is known at the time of writing, so treat the workarounds below as required rather than optional, and if you have the source, correct the query in invo.php directly.

🔧 Temporary Workarounds

Input Validation and Sanitization

Platforms: all

Rewrite the database call in invo.php so that 'dname' (and every other request value) is bound as a parameter of a prepared statement (mysqli or PDO) instead of being concatenated into the SQL text. As defense in depth, allowlist the value (for a name: letters, spaces and a small set of punctuation) and reject anything else. Validation alone is not a fix; the prepared statement is what removes the injection.
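The vulnerable and hardened query shapes side by side, as an added example that is not code from Codezips or from this advisory. It is written in Python against an in-memory SQLite table so it runs anywhere; the table name, columns and the exact statement in invo.php are assumptions, and the PHP equivalent of the safe branch is a mysqli or PDO prepared statement with a bound parameter.

```python
import re
import sqlite3

# Constructed stand-in for the HMS database; the real table behind invo.php
# is not documented on this page (assumption: a doctor table keyed by name).
def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE doctors (id INTEGER PRIMARY KEY, dname TEXT, fee INTEGER)")
    con.executemany(
        "INSERT INTO doctors (dname, fee) VALUES (?, ?)",
        [("Alice Smith", 100), ("Bob Jones", 150), ("Carol White", 200)],
    )
    return con


def lookup_unsafe(con: sqlite3.Connection, dname: str) -> list:
    # The vulnerable shape: the request value is spliced into the SQL text,
    # so a quote inside 'dname' closes the literal and the rest is parsed as SQL.
    query = f"SELECT id, dname, fee FROM doctors WHERE dname = '{dname}'"
    return con.execute(query).fetchall()


def lookup_safe(con: sqlite3.Connection, dname: str) -> list:
    # The fix: a placeholder; the driver sends the value as data, never as SQL.
    # PHP equivalent: $stmt = $pdo->prepare("... WHERE dname = ?"); $stmt->execute([$dname]);
    return con.execute(
        "SELECT id, dname, fee FROM doctors WHERE dname = ?", (dname,)
    ).fetchall()


# Defense in depth only: an allowlist for a person's name. It does not replace
# the prepared statement (assumed character set; widen it if real names need it).
DNAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")


def validate_dname(dname: str) -> bool:
    return DNAME_RE.fullmatch(dname) is not None


def handle_request(con: sqlite3.Connection, dname: str) -> list:
    """What invo.php should do: reject out-of-policy input, then bind the value."""
    if not validate_dname(dname):
        raise ValueError("dname rejected by allowlist")
    return lookup_safe(con, dname)


if __name__ == "__main__":
    con = make_db()
    payload = "' OR '1'='1"
    print("unsafe:", lookup_unsafe(con, payload))  # every row: the WHERE clause became always-true
    print("safe:  ", lookup_safe(con, payload))    # no rows: the payload is just a string that matches nothing
```

Run it once to see the same payload return the whole table through the concatenated query and nothing through the bound one; that difference, not the allowlist, is the property to verify in the patched invo.php.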

Web Application Firewall Rules

Platforms: all

Deploy WAF rules that block SQL injection patterns in requests to /invo.php, matching on the URL-decoded value of the dname parameter (quotes, OR/AND tautologies, UNION SELECT, comment sequences). Expect bypasses; a WAF buys time until the query is fixed and is not a substitute for it.

🧯 If You Can't Patch

  • Isolate the system from internet access and restrict to internal network only
  • Implement network segmentation and strict access controls to limit who can reach the vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

On an instance you are authorized to test (ideally a staging copy), request /invo.php with a dname value that returns a record, then with the same value followed by ' AND '1'='1 and by ' AND '1'='2. If the first probe matches the baseline and the second does not, the parameter is injectable. A bare trailing quote producing a database error message or an HTTP 500 is also a positive result.
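An added helper for that check, not part of the advisory or the product: it builds a baseline request plus boolean-true, boolean-false and single-quote probes for dname and classifies the responses. The base URL, the baseline value (pick a name that actually returns a record) and the MySQL error signatures are assumptions; run it only against an instance you are authorized to test.

```python
import re
import urllib.error
import urllib.parse
import urllib.request

# Substrings typical of an unhandled MySQL/MariaDB error leaking into a PHP page.
# Assumed signatures; extend them for the database actually behind the install.
ERROR_SIGNATURES = (
    "You have an error in your SQL syntax",
    "mysqli_fetch",
    "mysql_fetch",
    "Warning: mysqli",
)


def build_probes(base_url: str, baseline_value: str, param: str = "dname") -> dict:
    """URLs for a baseline request and three probes derived from it."""
    def url(value: str) -> str:
        return base_url + "?" + urllib.parse.urlencode({param: value})
    return {
        "baseline": url(baseline_value),
        "true": url(baseline_value + "' AND '1'='1"),   # same result as baseline if injectable
        "false": url(baseline_value + "' AND '1'='2"),  # empty result if injectable
        "error": url(baseline_value + "'"),             # unbalanced quote: syntax error if unescaped
    }


def normalize(body: str) -> str:
    """Drop volatile tokens so two renderings of the same page compare equal."""
    body = re.sub(r"\d{2}:\d{2}:\d{2}", "", body)                # clock times
    body = re.sub(r'name="csrf[^"]*" value="[^"]*"', "", body)  # per-request tokens (assumed form)
    return re.sub(r"\s+", " ", body).strip()


def classify(baseline: str, true_body: str, false_body: str, error_body: str) -> str:
    if any(sig in error_body for sig in ERROR_SIGNATURES):
        return "vulnerable: database error disclosed"
    b, t, f = normalize(baseline), normalize(true_body), normalize(false_body)
    if b == t and t != f:
        return "vulnerable: boolean-based"
    if t == f and t != b:
        return "no injection observed: altered value treated as data"
    return "inconclusive: inspect responses manually"


def fetch(url: str) -> str:
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # a 500 still carries the error page body
        return err.read().decode("utf-8", "replace")


def check(base_url: str, baseline_value: str) -> str:
    probes = build_probes(base_url, baseline_value)
    bodies = {name: fetch(url) for name, url in probes.items()}
    return classify(bodies["baseline"], bodies["true"], bodies["false"], bodies["error"])


if __name__ == "__main__":
    # Hypothetical target; replace with your authorized test instance.
    print(check("http://hms.test.example/invo.php", "Bob Jones"))
```

The "no injection observed" verdict is what a correctly parameterized invo.php should produce: both altered values are looked up literally, match nothing, and render the same empty page. Dynamic content that normalize() does not strip will push results to "inconclusive"; extend it rather than loosen the comparison.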

Check Version:

Check system documentation or admin panel for version information

Verify Fix Applied:

Repeat the same probes. After a correct fix the true and false probes both behave like any other non-matching name (no change in rows, no error text, no HTTP 500), and the original baseline request still works.

📡 Detection & Monitoring

Log Indicators:

  • Queries containing UNION, OR 1=1 style tautologies or comment sequences (--, /*) in the database server's general or slow query log; the application itself is unlikely to log its SQL
  • Multiple failed login attempts
  • Unexpected database errors, or HTTP 500 responses, on requests to /invo.php

Network Indicators:

  • SQL injection patterns in HTTP requests to /invo.php, including URL-encoded forms (%27 for the quote, %20 or + for spaces)
  • Unusual outbound connections from the web or database server, a possible sign of post-exploitation activity

SIEM Query:

source="web_logs" AND uri="/invo.php" AND (dname CONTAINS "' OR" OR dname CONTAINS "UNION" OR dname CONTAINS "SELECT" OR dname CONTAINS "--")

This is pseudo-syntax; adapt it to your SIEM. As written it matches only literal, upper-case strings, so URL-decode the parameter and compare case-insensitively before matching, or a request such as dname=x%27%20or%20%271%27%3D%271 passes unseen.
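Detection logic run over constructed access-log lines, as an added example that is not from the page: it URL-decodes the dname value before matching, which a plain string match on the raw request does not do, and it reports the source address, status code and User-Agent so the alert can be triaged. The log lines, the pattern set and the combined-log regex are assumptions.

```python
import re
import urllib.parse

# Constructed Apache combined-format lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2025:10:15:01 +0000] "GET /invo.php?dname=Bob+Jones HTTP/1.1" 200 2312 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2025:10:15:09 +0000] "GET /invo.php?dname=Bob%27+OR+%271%27%3D%271 HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:10:16:22 +0000] "GET /invo.php?dname=x%27%20UNION%20SELECT%201,2,3--%20- HTTP/1.1" 500 512 "-" "sqlmap/1.8"
198.51.100.7 - - [10/Jan/2025:10:17:05 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Checked against the URL-decoded parameter value, case-insensitively.
SQLI_PATTERNS = {
    "quote-or/and": re.compile(r"'\s*(or|and)\b", re.I),
    "union-select": re.compile(r"\bunion\b[\s\S]*\bselect\b", re.I),
    "comment": re.compile(r"--\s|/\*"),
    "time-delay": re.compile(r"\b(sleep|benchmark)\s*\(", re.I),
}


def sqli_hits(value: str) -> list:
    """Names of the patterns that fire on one decoded parameter value."""
    return [name for name, pat in SQLI_PATTERNS.items() if pat.search(value)]


def scan(log_text: str, path: str = "/invo.php", param: str = "dname") -> list:
    """Return one alert per request whose decoded `param` looks like SQL injection."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # malformed or non-combined-format line
        parsed = urllib.parse.urlsplit(m["uri"])
        if parsed.path != path:
            continue
        # parse_qs undoes both %XX escapes and '+' for space, which is the
        # step a raw CONTAINS match on the request line skips.
        values = urllib.parse.parse_qs(parsed.query, keep_blank_values=True).get(param, [])
        for value in values:
            hits = sqli_hits(value)
            if hits:
                alerts.append({
                    "ip": m["ip"], "time": m["ts"], "status": m["status"],
                    "ua": m["ua"], "value": value, "patterns": hits,
                })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The first injected line in the sample returns HTTP 200 with a noticeably larger body than the baseline, which is how a tautology that dumps every row looks from the web log; the 500 on the UNION probe is the error-based case. Both surface only after decoding.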
