CVE-2023-5587

Name of the Vulnerable Software and Affected Versions SourceCodester Free Hospital Management System for Small Practices version 1.0

Description A critical issue was found in the file /vm/admin/doctors.php of the component Parameter Handler, related to the lack of protection of the SQL query structure. The manipulation of the search argument leads to SQL injection. The attack can be launched remotely.

Recommendations For SourceCodester Free Hospital Management System for Small Practices version 1.0, as a temporary workaround, consider disabling the /vm/admin/doctors.php file or restricting access to it until a patch is available. Avoid using the search argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.