PT-2023-5592 · Unknown · Hospital Management System

Published: 2023-02-11 · Updated: 2023-10-02 · CVE-2023-43909

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Hospital Management System through commit 4770d
Description: The issue is a SQL injection vulnerability in the Hospital Management System, reachable through the app contact parameter of the appsearch.php file. The value of the app contact parameter is used in an SQL query without any protection against manipulation of the query structure. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code.
Recommendations: As a temporary workaround, consider restricting access to the appsearch.php file or disabling the app contact parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
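The pattern behind this class of defect and the corrective fix, as an added illustration that is not the project's own appsearch.php (the parameter name app_contact, the table appointment and the column contact are assumptions; the real code may differ):

```php
<?php
// Added illustration, not code from the Hospital Management System.
// Assumed (hypothetical) names: request parameter "app_contact",
// table "appointment", column "contact".

// Vulnerable pattern: the untrusted value is spliced into the SQL text, so
// quoting characters inside it become part of the query structure.
function search_vulnerable(mysqli $db, string $contact)
{
    $sql = "SELECT * FROM appointment WHERE contact = '" . $contact . "'";
    return $db->query($sql);
}

// Hardened pattern: the query structure is fixed by prepare() before the
// value is bound, so the input can only ever be treated as data.
function search_safe(mysqli $db, string $contact): array
{
    $stmt = $db->prepare("SELECT * FROM appointment WHERE contact = ?");
    $stmt->bind_param('s', $contact);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Defence in depth: a contact number has a narrow shape, so anything else
// is rejected before it reaches the database at all.
function valid_contact(string $contact): bool
{
    return preg_match('/^\+?[0-9]{6,15}$/', $contact) === 1;
}

$contact = $_GET['app_contact'] ?? '';
if (!valid_contact($contact)) {
    http_response_code(400);
    exit('invalid contact');
}
// Placeholder connection details; replace with the deployment's own.
$db = new mysqli('localhost', 'hms_user', 'PLACEHOLDER_PASSWORD', 'hms');
foreach (search_safe($db, $contact) as $row) {
    // Output encoding closes the companion XSS hole on the way back out.
    echo htmlspecialchars($row['contact'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Until a patched commit is available, the same prepared-statement change applied to every query in appsearch.php that consumes the app contact parameter removes the injection point regardless of the web-server access restriction in the workaround above.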

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2023-06246
CVE-2023-43909

Affected Products

Hospital Management System