CVE-2020-26627

Name of the Vulnerable Software and Affected Versions Hospital Management System version 4.0

Description A Time-Based SQL Injection issue was discovered, allowing an attacker to dump database information via a crafted payload entered into the Admin Remark parameter under the "Contact Us Queries -> Unread Query" tab.

Recommendations For Hospital Management System version 4.0, consider temporarily restricting access to the "Contact Us Queries -> Unread Query" tab and the Admin Remark parameter until a patch is available. Avoid using the Admin Remark parameter in the affected tab until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.