SQL Injection Vulnerability in Online Clinic Management System by CveSecLook
CVE-2024-40393

9.8CRITICAL

Key Information:

Vendor: Angeljudesuarez
Status: Online Clinic Management System
Vendor: CVE Published:; 16 July 2024

Summary

The Online Clinic Management System version 1.0, developed by CveSecLook, is vulnerable to SQL injection attacks due to improper handling of the user input in the login.php file. This flaw allows malicious users to execute arbitrary SQL queries by manipulating the 'user' parameter, potentially leading to unauthorized access to sensitive data or a complete compromise of the system's database.

References

https://github.com/CveSecLook/cve/issues/47

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2024