CVE-2023-4181

Name of the Vulnerable Software and Affected Versions SourceCodester Free Hospital Management System for Small Practices version 1.0

Description A critical issue has been found in the SourceCodester Free Hospital Management System for Small Practices, affecting some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely.

Recommendations For version 1.0, consider restricting access to the /vm/admin/delete-doctor.php endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the id parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.