CVE-2023-4443

Name of the Vulnerable Software and Affected Versions SourceCodester Free Hospital Management System for Small Practices versions 1.0 through 5.0.12

Description A critical issue has been discovered, allowing for SQL injection through the manipulation of the id00, nic, oldemail, email, spec, and Tele arguments in an unknown function of the file vmdoctoredit-doc.php. This can be exploited remotely.

Recommendations For versions 1.0 through 5.0.12, consider restricting access to the vmdoctoredit-doc.php file and the affected arguments until a patch is available. As a temporary workaround, avoid using the id00, nic, oldemail, email, spec, and Tele arguments in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.