SourceCodester Free Hospital Management System for Small Practices booking-complete.php sql injection
CVE-2023-4442

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Free Hospital Management System for Small Practices
Vendor
CVE Published:
21 August 2023

Summary

A vulnerability affecting the SourceCodester Free Hospital Management System for Small Practices 1.0 has been identified, which allows for SQL injection through the manipulation of arguments in the file \vm\patient\booking-complete.php. Attackers can exploit this weakness remotely by crafting requests that modify the 'userid', 'appnum', or 'scheduleid' parameters, leading to unauthorized database access or manipulation. This issue poses a significant security risk, especially since it has been publicly disclosed, allowing potential exploitation by malicious entities.

Affected Version(s)

Free Hospital Management System for Small Practices 1.0

References

https://vuldb.com/?id.237563
vdb-entrytechnical-description
https://vuldb.com/?ctiid.237563
signaturepermissions-required
https://github.com/CookedMelon/cve/tree/master/hospital/p...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CookedMelon (VulDB User)
.