
CVE-2021-43362: MedData HBYS Boolean-based Blind SQL Injection - ORACLE

Due to improper sanitization, the MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with web access is able to extract critical information from the system.


# Product: MedData HBYS

# DBMS: ORACLE

# SQLi type: Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)

# Version: 1.0

# Description: A remote attacker can retrieve arbitrary sensitive data from the SQL server by sending payloads through the application to the SQL server.

# Impact: Data manipulation/deletion; sensitive data leak; hijacking of systems

# Solution: The vendor has fixed the issue.
