A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. It has been classified as critical. This affects an unknown part of the file appointment.php. The manipulation of the argument sheduledate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237561 was assigned to this vulnerability.
References
| Link | Resource |
|---|---|
| https://vuldb.com/?ctiid.237561 | Press/Media Coverage Third Party Advisory VDB Entry |
| https://vuldb.com/?id.237561 | Third Party Advisory VDB Entry |
| https://github.com/CookedMelon/cve/tree/master/hospital/patient | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Aug 2023, 17:04
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CPE | cpe:2.3:a:free_hospital_management_system_for_small_practices_project:free_hospital_management_system_for_small_practices:1.0:*:*:*:*:*:*:* | |
| First Time |
Free Hospital Management System For Small Practices Project free Hospital Management System For Small Practices
Free Hospital Management System For Small Practices Project |
|
| References | (MISC) https://vuldb.com/?ctiid.237561 - Press/Media Coverage, Third Party Advisory, VDB Entry | |
| References | (MISC) https://github.com/CookedMelon/cve/tree/master/hospital/patient - Third Party Advisory | |
| References | (MISC) https://vuldb.com/?id.237561 - Third Party Advisory, VDB Entry |
20 Aug 2023, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-20 23:15
Updated : 2024-05-17 02:31
NVD link : CVE-2023-4440
Mitre link : CVE-2023-4440
JSON object : View
Products Affected
free_hospital_management_system_for_small_practices_project
- free_hospital_management_system_for_small_practices
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')