CVE-2023-4185

Name of the Vulnerable Software and Affected Versions SourceCodester Online Hospital Management System version 1.0

Description A critical issue has been found in the patientlogin.php file of the system, related to the lack of protection against SQL query structure manipulation. This allows a remote attacker to execute arbitrary SQL queries on the database. The manipulation of the loginid and password arguments leads to SQL injection. The issue can be exploited remotely.

Recommendations For SourceCodester Online Hospital Management System version 1.0, consider disabling the patientlogin.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the loginid and password arguments in the affected file to minimize the risk of exploitation.