SQL Injection Vulnerability in SourceCodester Clinics Patient Management System
CVE-2024-7754

7.5HIGH

Key Information:

Vendor: SourceCodester
Status: Clinics Patient Management System
Vendor: CVE Published:; 14 August 2024

Summary

A serious SQL injection vulnerability has been identified in the SourceCodester Clinics Patient Management System version 1.0, specifically targeting the file /ajax/check_medicine_name.php. This flaw arises from improper handling of the user_name argument, allowing an attacker to execute arbitrary SQL commands remotely. Such exploitation could lead to unauthorized access to sensitive data, making it crucial for users of this system to apply security patches or mitigations promptly. The threat has been publicly disclosed, increasing the urgency for affected organizations to ensure their systems are fortified against potential intrusions.

References

https://vuldb.com/?id.274373

https://vuldb.com/?ctiid.274373

https://vuldb.com/?submit.389367

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2024