CVE-2021-41660

Name of the Vulnerable Software and Affected Versions Sourcecodester Patient Appointment Scheduler System version 1

Description The issue allows attackers to execute arbitrary SQL commands via the username and password fields to "login.php" API endpoint. This enables unauthorized access and potential data manipulation.

Recommendations For Sourcecodester Patient Appointment Scheduler System version 1, consider disabling the login functionality via "login.php" until a patch is available, and restrict access to the username and password fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.