CVE-2023-0774

Name of the Vulnerable Software and Affected Versions SourceCodester Medical Certificate Generator App version 1.0

Description The issue is related to a lack of protection against SQL query structure exploitation in the action.php script of the Medical Certificate Generator App. This allows a remote attacker to execute arbitrary SQL code by manipulating the lastname argument, leading to a SQL injection attack.

Recommendations For SourceCodester Medical Certificate Generator App version 1.0, consider disabling the action.php script or restricting access to it until a patch is available to prevent SQL injection attacks. Additionally, avoid using the lastname argument in the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.