SourceCodester Free Hospital Management System for Small Practices Redirect behavioral workflow
CVE-2023-4181

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Free Hospital Management System for Small Practices
Vendor
CVE Published:
6 August 2023

Summary

A vulnerability has been identified in SourceCodester's Free Hospital Management System for Small Practices, specifically in the component responsible for redirect handling. This issue allows an attacker to manipulate certain functionalities, leading to potential enforcement of unauthorized behavioral workflows. The vulnerability affects the file located at /vm/admin/delete-doctor.php, which can be exploited remotely. This public exploit poses a significant risk to users of the system, as it may enable malicious actors to alter operational processes without proper authorization.

Affected Version(s)

Free Hospital Management System for Small Practices 1.0

References

https://vuldb.com/?id.236216
vdb-entrytechnical-description
https://vuldb.com/?ctiid.236216
signaturepermissions-required
https://github.com/Yesec/Free-Hospital-Management-System-...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

YeSec (VulDB User)
.