CVE-2024-46532
上海顶想信息科技有限公司(https://www.kancloud.cn/)
互联网医疗系统(医疗门诊OpenHIS)
V1.0
https://github.com/1638824607/OpenHIS?tab=readme-ov-file
OpenHIS-master/Application/His/Controller/PayController.class.php
public function refund()
{
$paylog_id = I('get.paylog_id',0);
$amount = I('post.amount','all');//all就是是全部
$adm_uid = I('post.adm_uid',0);//all就是是全部
$adm_memo = I('post.adm_memo','退款');//all就是是全部
if(!$paylog_id||!$amount)$this->resJSON(1,'参数缺失:paylog_id or amount');
#todo 这里需要添加功能权限,无权限不能使用
$sql = "SELECT a.*,b.hospital_id,b.type_id,b.order_code,b.ol_pay_part,b.amount,b.patient_id FROM ".$this->tab_pre."his_care_paylog a LEFT JOIN ".$this->tab_pre."his_care_pkg b ON a.pkg_id=b.id WHERE a.id='$paylog_id' LIMIT 1";
$r = $this->db->query($sql);
if(!$r)$this->resJSON(2,'paylog_id无效',$sql);
(Update: the CVE has been confirmed and assigned; further details are not provided at the moment. The problematic code snippet has been provided above: in `refund()`, `paylog_id` is read from the request via `I('get.paylog_id',0)` and concatenated directly into the SQL string passed to `$this->db->query()` rather than being bound as a parameter, and the `#todo` comment notes that a permission check has not yet been added.)