Checkin

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Health Care System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Online Health Care System. The issue is related to an unknown function of the file search.php, where the manipulation of the argument `f name` with a specific input leads to SQL injection. This can be achieved by using the input `1%' or 1=1 ) UNION SELECT 1,2,3,4,5,database(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23#` as part of a string. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider restricting access to the `search.php` file until a patch is available. Avoid using the `f name` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.