SourceCodester Free Hospital Management System for Small Practices booking-complete.php SQL injection
CVE-2023-4442
9.8 CRITICAL
What is CVE-2023-4442?
A vulnerability affecting the SourceCodester Free Hospital Management System for Small Practices 1.0 has been identified, which allows for SQL injection through the manipulation of arguments in the file \vm\patient\booking-complete.php. Attackers can exploit this weakness remotely by crafting requests that modify the 'userid', 'appnum', or 'scheduleid' parameters, leading to unauthorized database access or manipulation. This issue poses a significant security risk, especially since it has been publicly disclosed, allowing potential exploitation by malicious entities.
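The class of flaw described above, shown next to a hardened form, as an added example that is not the application's own code. The `appointment` table, its column names, the use of POST, the integer type of the three parameters, and the function names `positive_id` and `complete_booking` are assumptions made for illustration; PHP 8.0 or later is assumed.

```php
<?php
// Added illustration. Table/column names and function names are hypothetical,
// not taken from the application's source.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly on DB errors

/** Return the value as a positive int, or null if it is not a plain decimal ID. */
function positive_id(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {   // rejects arrays such as userid[]=1
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Hardened booking insert. $params is the request parameter array.
 * Returns true on success, false when any parameter fails validation.
 */
function complete_booking(mysqli $db, array $params): bool
{
    $ids = [];
    foreach (['userid', 'appnum', 'scheduleid'] as $name) {
        $ids[$name] = positive_id($params[$name] ?? null);
        if ($ids[$name] === null) {
            return false;                      // reject; never echo the raw value back
        }
    }

    // Vulnerable pattern (for contrast): request values spliced into the SQL text.
    //   $db->query("INSERT INTO appointment (pid, apponum, scheduleid)
    //               VALUES ($userid, $appnum, $scheduleid)");

    // Hardened: the SQL text is constant; values travel as bound integer parameters.
    $stmt = $db->prepare(
        'INSERT INTO appointment (pid, apponum, scheduleid) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('iii', $ids['userid'], $ids['appnum'], $ids['scheduleid']);
    $stmt->execute();
    $stmt->close();
    return true;
}

// Usage in a page handler: if (!complete_booking($db, $_POST)) { http_response_code(400); }
```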
Affected Version(s)
Free Hospital Management System for Small Practices 1.0