PHPGurukul Hospital Management System Admin Dashboard sql injection
CVE-2023-7172

7.2HIGH

Key Information:

Vendor: PHPGurukul
Status: Hospital Management System
Vendor: CVE Published:; 30 December 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability exists within the Admin Dashboard of PHPGurukul Hospital Management System 1.0, allowing attackers to manipulate backend databases through SQL injection. This flaw can be exploited remotely, posing significant risks to data integrity and confidentiality. Publicly disclosed exploitation methods may already pose a threat, emphasizing the urgency for patching and mitigation.

Affected Version(s)

Hospital Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-7172
Created by sharathc213

References

https://vuldb.com/?id.249356

vdb-entry

https://vuldb.com/?ctiid.249356

signaturepermissions-required

https://drive.google.com/file/d/11DHRUjvOF0yV24I4JlZ0X1RE...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jan 2, 2024
👾
Exploit known to exist
Jan 2, 2024
Vulnerability published
Dec 30, 2023
Vulnerability Reserved
Dec 29, 2023

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

sharath213 (VulDB User)