CVE-2024-28303 Information

Description

Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php.

Reference

https://github.com/onurkarasalihoglu/vulnerability-disclosures/blob/main/omos-sql-injection.md https://github.com/onurkarasalihoglu/vulnerability-disclosures/blob/main/omos_sqli_exploit.py