CVE-2024-23747

Published: Jan 29, 2024Modified: Jun 20, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information.

Affected (1)

Products: Modernasistemas: Modernanet Hospital Management System 2024

Modernasistemas

1 product

Modernanet Hospital Management System 2024

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Modernasistemas Modernanet Hospital Management System 2024	All versions

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://github.com/louiselalanne/CVE-2024-23747

Source: cve@mitre.org

ExploitThird Party Advisory

https://modernasistemas.com.br/sitems/

Source: cve@mitre.org

Product

https://github.com/louiselalanne/CVE-2024-23747

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://modernasistemas.com.br/sitems/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.