CVE-2023-4180

Name of the Vulnerable Software and Affected Versions SourceCodester Free Hospital Management System for Small Practices version 1.0

Description A critical vulnerability was found in the SourceCodester Free Hospital Management System for Small Practices. The issue affects an unknown functionality of the file /vm/login.php. The manipulation of the useremail and userpassword arguments leads to SQL injection. The attack can be launched remotely.

Recommendations For version 1.0, consider disabling the login functionality in /vm/login.php until a patch is available. Restrict access to the /vm/login.php file to minimize the risk of exploitation. Avoid using the useremail and userpassword arguments in the affected file until the issue is resolved.