CVE-2022-2298

Name of the Vulnerable Software and Affected Versions SourceCodester Clinics Patient Management System version 2.0

Description A critical issue has been found in the Login Page component, specifically in the file /pms/index.php. The manipulation of the user name argument with the input admin' or '1'='1 leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed.

Recommendations For version 2.0, as a temporary workaround, consider restricting access to the /pms/index.php file or disabling the Login Page functionality until a patch is available. Avoid using the user name argument in the affected login functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.