CVE-2024-8080

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Health Care System version 1.0

Description: A critical vulnerability has been found in the SourceCodester Online Health Care System. The issue is related to an unknown function of the file search.php, where the manipulation of the argument f name with a specific input leads to SQL injection. This can be achieved by using the input 1%' or 1=1 ) UNION SELECT 1,2,3,4,5,database(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23# as part of a string. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations: As a temporary workaround, consider restricting access to the search.php file until a patch is available. Avoid using the f name argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.