PT-2024-15427 · Unknown · Kashipara Hotel Management System

Wangzhiqiang +1 · Published 2024-01-06 · Updated 2024-05-17 · CVE-2024-0267

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Kashipara Hospital Management System versions up to 1.0

Description

A critical vulnerability was found in the Parameter Handler component of the file login.php. The manipulation of the email and password arguments leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations

For versions up to 1.0, as a temporary workaround, consider restricting access to the login.php file and the Parameter Handler component to minimize the risk of exploitation. Avoid using the email and password arguments in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-0267

Affected Products

Kashipara Hotel Management System