SourceCodester Free Hospital Management System for Small Practices Parameter doctors.php sql injection
CVE-2023-5587

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Free Hospital Management System for Small Practices
Vendor
CVE Published:
15 October 2023

Summary

A SQL injection vulnerability exists in the SourceCodester Free Hospital Management System for Small Practices 1.0, primarily affecting the file /vm/admin/doctors.php. By manipulating the 'search' parameter, an attacker can execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive data. This exploitation can occur remotely, posing significant security risks to database integrity and confidentiality. The issue has been publicly disclosed, increasing the likelihood of exploitation by malicious actors.

Affected Version(s)

Free Hospital Management System for Small Practices 1.0

References

https://vuldb.com/?id.242186
vdb-entrytechnical-description
https://vuldb.com/?ctiid.242186
signaturepermissions-required
https://github.com/GodRone/Hospital-Management-System_SQL...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rone020 (VulDB User)
.