Chenfh

**Name of the Vulnerable Software and Affected Versions** SourceCodester Medical Center Portal Management System version 1.0 **Description** A flaw exists in SourceCodester Medical Center Portal Management System 1.0 that allows for SQL injection. The issue is located in an unknown function within the `/login.php` file. Manipulating the `User` argument can trigger the injection. The attack can be carried out remotely, and details about the exploit are publicly available. **Recommendations** Apply a fix to the vulnerable function in the `/login.php` file to prevent SQL injection attacks. Sanitize the `User` input to eliminate potentially malicious code. Restrict access to the `/login.php` file to authorized personnel only. As a temporary workaround, consider disabling the affected function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Medical Center Portal Management System version 1.0 **Description** A flaw exists in SourceCodester Medical Center Portal Management System 1.0 that allows for SQL injection. The issue is located in the `/emp edit1.php` file, specifically through manipulation of the `ID` parameter within an unknown function. This allows for remote exploitation, and details of the exploit are publicly available. **Recommendations** Apply a fix to the vulnerable function in the `/emp edit1.php` file to prevent SQL injection attacks. Sanitize the `ID` parameter before using it in database queries. As a temporary workaround, restrict access to the `/emp edit1.php` file.