PT-2023-4540 · Sourcecodester · Sourcecodester Free Hospital Management System
Cutecabbage
·
Published
2023-08-20
·
Updated
2024-05-17
·
CVE-2023-4441
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SourceCodester Free Hospital Management System for Small Practices version 1.0
Description
A critical issue has been identified, affecting the /patient/appointment.php file. The
sheduledate argument is vulnerable to SQL injection, allowing remote attackers to execute arbitrary SQL queries on the database. This is due to inadequate protection of the SQL query structure.Recommendations
For SourceCodester Free Hospital Management System for Small Practices version 1.0, consider restricting access to the /patient/appointment.php file until a patch is available. As a temporary workaround, avoid using the
sheduledate argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Free Hospital Management System