CVE-2020-26630

Name of the Vulnerable Software and Affected Versions Hospital Management System version 4.0

Description A Time-Based SQL Injection issue was discovered, allowing an attacker to dump database information via a special payload in the Doctor Specialization field under the "Go to Doctors" tab after logging in as an admin.

Recommendations For Hospital Management System version 4.0, consider temporarily restricting access to the "Go to Doctors" tab and the Doctor Specialization field to minimize the risk of exploitation until a patch is available. Avoid using the Doctor Specialization field in the affected area until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.