Name of the Vulnerable Software and Affected Versions:

code-projects Online Medicine Guide version 1.0

Description:

A critical vulnerability exists in an unknown functionality of the file `/changepass.php`. Manipulation of the `ups` argument leads to a SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public.

Recommendations:

As a temporary workaround, consider restricting access to the `/changepass.php` file until a patch is available.

Sanitize the `ups` parameter before using it in any database queries.