SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection
CVE-2023-4441

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Free Hospital Management System for Small Practices
Vendor: CVE Published:; 21 August 2023

Summary

A vulnerability in the SourceCodester Free Hospital Management System for Small Practices version 1.0 was discovered, impacting the /patient/appointment.php file. This issue arises from improper validation of the 'scheduledate' parameter, allowing attackers to execute SQL injection attacks remotely. Successful exploitation could compromise the integrity and confidentiality of the database, potentially leading to unauthorized access to sensitive information.

Affected Version(s)

Free Hospital Management System for Small Practices 1.0

References

https://vuldb.com/?id.237562

vdb-entrytechnical-description

https://vuldb.com/?ctiid.237562

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2023
Vulnerability Reserved
Aug 20, 2023

Credit

CuteCabbage (VulDB User)