SQL Injection Vulnerability in PHPGurukul Hospital Management System
CVE-2020-22165

7.5HIGH

Key Information:

Vendor: PHPgurukul
Status: Hospital Management System
Vendor: CVE Published:; 22 June 2021

Summary

The PHPGurukul Hospital Management System version 4.0 is susceptible to a SQL injection vulnerability located in the user-login.php file. This flaw allows remote unauthenticated users to manipulate SQL queries, potentially leading to unauthorized access to sensitive database information. Malicious actors can exploit this vulnerability to extract confidential data, raising significant security concerns for institutions relying on this software for hospital management.

References

https://github.com/itodaro/PHPGurukul_Hospital_Management...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 22, 2021
Vulnerability Reserved
Aug 13, 2020