CVE-2021-43630

Name of the Vulnerable Software and Affected Versions: Projectworlds Hospital Management System version 1.0

Description: The issue allows an authenticated malicious user to compromise the database system via SQL injection in multiple parameters in the add patient.php file. This can potentially lead to remote code execution on the remote web server.

Recommendations: For Projectworlds Hospital Management System version 1.0, consider restricting access to the add patient.php file until a patch is available. As a temporary workaround, avoid using vulnerable parameters in the add patient.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.