SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection
CVE-2023-4441
9.8CRITICAL
What is CVE-2023-4441?
A vulnerability in the SourceCodester Free Hospital Management System for Small Practices version 1.0 was discovered, impacting the /patient/appointment.php file. This issue arises from improper validation of the 'scheduledate' parameter, allowing attackers to execute SQL injection attacks remotely. Successful exploitation could compromise the integrity and confidentiality of the database, potentially leading to unauthorized access to sensitive information.
Affected Version(s)
Free Hospital Management System for Small Practices 1.0