SourceCodester Free Hospital Management System for Small Practices login.php sql injection
CVE-2023-4180

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Free Hospital Management System for Small Practices
Vendor
CVE Published:
6 August 2023

What is CVE-2023-4180?

A vulnerability has been identified within the SourceCodester Free Hospital Management System for Small Practices 1.0 that permits remote attackers to exploit an inadequate validation of user inputs in the login.php file. This flaw allows manipulation of the useremail and userpassword parameters, potentially leading to unauthorized SQL queries. With this vulnerability being publicly disclosed, it poses significant risks to the integrity of the system, allowing attackers to compromise sensitive data.

Affected Version(s)

Free Hospital Management System for Small Practices 1.0

References

https://vuldb.com/?id.236215
vdb-entrytechnical-description
https://vuldb.com/?ctiid.236215
signaturepermissions-required
https://github.com/Yesec/Free-Hospital-Management-System-...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

YeSec (VulDB User)
.