CVE-2024-0268

Name of the Vulnerable Software and Affected Versions Kashipara Hospital Management System versions up to 1.0

Description A critical issue has been found in the Kashipara Hospital Management System, affecting some unknown functionality of the file registration.php. The manipulation of the arguments name, email, pass, gender, age, city leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Kashipara Hospital Management System versions up to 1.0, as a temporary workaround, consider restricting access to the vulnerable file registration.php until a patch is available. Avoid using the arguments name, email, pass, gender, age, city in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.