SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection
CVE-2023-4440
9.8CRITICAL
What is CVE-2023-4440?
An SQL injection vulnerability exists in SourceCodester's Free Hospital Management System for Small Practices version 1.0. The issue resides in the processing of the 'sheduledate' argument within the appointment.php file. An attacker can exploit this vulnerability remotely by manipulating the relevant input, potentially gaining unauthorized access to the database. This could lead to exposure of sensitive data, making it imperative for users to assess their systems and implement appropriate security measures.
Affected Version(s)
Free Hospital Management System for Small Practices 1.0