SourceCodester Free Hospital Management System for Small Practices Parameter doctors.php sql injection
CVE-2023-5587
9.8CRITICAL
What is CVE-2023-5587?
A SQL injection vulnerability exists in the SourceCodester Free Hospital Management System for Small Practices 1.0, primarily affecting the file /vm/admin/doctors.php. By manipulating the 'search' parameter, an attacker can execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive data. This exploitation can occur remotely, posing significant security risks to database integrity and confidentiality. The issue has been publicly disclosed, increasing the likelihood of exploitation by malicious actors.
Affected Version(s)
Free Hospital Management System for Small Practices 1.0