SQL Injection Vulnerability in Hospital Management System by PHP Gurukul
CVE-2021-35387

8.8HIGH

Key Information:

Vendor: PHPgurukul
Status: Hospital Management System
Vendor: CVE Published:; 28 October 2022

Summary

The Hospital Management System version 4.0 by PHP Gurukul is susceptible to an SQL injection vulnerability through the 'view-patient.php' file located in the admin directory. This security flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive patient data. Proper validation and sanitization measures should be implemented to mitigate this risk. For more details, refer to the official documentation and Github repository.

References

https://phpgurukul.com/hospital-management-system-in-php

https://github.com/BigTiger2020/Hospital-Management-Syste...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 28, 2022
Vulnerability Reserved
Jun 23, 2021