CVE-2023-4441

Name of the Vulnerable Software and Affected Versions SourceCodester Free Hospital Management System for Small Practices version 1.0

Description A critical issue has been identified, affecting the /patient/appointment.php file. The sheduledate argument is vulnerable to SQL injection, allowing remote attackers to execute arbitrary SQL queries on the database. This is due to inadequate protection of the SQL query structure.

Recommendations For SourceCodester Free Hospital Management System for Small Practices version 1.0, consider restricting access to the /patient/appointment.php file until a patch is available. As a temporary workaround, avoid using the sheduledate argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.