Moonose

**Name of the Vulnerable Software and Affected Versions** code-projects E-Health Care System version 1.0 SQL Server 2019 (affected versions not specified) **Description** A critical vulnerability was found in the code-projects E-Health Care System, affecting an unknown function of the file Doctor/app request.php. The manipulation of the `app id` argument leads to SQL injection. It is possible to launch the attack remotely. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For code-projects E-Health Care System version 1.0, consider disabling the unknown function of the file Doctor/app request.php until a patch is available. For SQL Server 2019, update to the latest version to mitigate risks. As a temporary workaround, restrict access to the `app id` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability in code-projects E-Health Care System.