SourceCodester Free Hospital Management System for Small Practices edit-user.php sql injection
CVE-2023-4444

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Free Hospital Management System for Small Practices
Vendor
CVE Published:
21 August 2023

Summary

A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file vm\patient\edit-user.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237565 was assigned to this vulnerability.

Affected Version(s)

Free Hospital Management System for Small Practices 1.0

References

https://vuldb.com/?id.237565
vdb-entrytechnical-description
https://vuldb.com/?ctiid.237565
signaturepermissions-required
https://github.com/CookedMelon/cve/tree/master/hospital/p...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

CookedMelon (VulDB User)
.