cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-5587,https://securityvulnerability.io/vulnerability/CVE-2023-5587,SourceCodester Free Hospital Management System for Small Practices Parameter doctors.php sql injection,A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-242186 is the identifier assigned to this vulnerability.,SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.0014100000262260437,false,false,false,false,,false,false,2023-10-15T22:15:00.000Z,0
CVE-2023-4443,https://securityvulnerability.io/vulnerability/CVE-2023-4443,SourceCodester Free Hospital Management System for Small Practices edit-doc.php sql injection,"An SQL injection vulnerability has been discovered in the SourceCodester Free Hospital Management System, specifically within the edit-doc.php file located in the vm/doctor directory. This issue arises when specific parameters, including id00, nic, oldemail, email, and spec, are manipulated. An attacker can exploit this flaw remotely, allowing unauthorized access to the database, which can lead to potential data exposure or corruption. It is crucial for organizations using affected versions to apply security patches and mitigate this risk immediately.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.003220000071451068,false,false,false,false,,false,false,2023-08-21T01:15:00.000Z,0
CVE-2023-4444,https://securityvulnerability.io/vulnerability/CVE-2023-4444,SourceCodester Free Hospital Management System for Small Practices edit-user.php sql injection,"A SQL injection vulnerability exists in the Free Hospital Management System for Small Practices due to improper input validation in the file responsible for user data editing. This flaw enables attackers to manipulate user-provided parameters, such as id00, nic, oldemail, email, and Tele, to execute arbitrary SQL commands on the database. The vulnerability can be exploited remotely, exposing sensitive data and allowing unauthorized access to the database. Prompt updates and security measures are essential to mitigate any risks associated with this exposure.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.004650000017136335,false,false,false,false,,false,false,2023-08-21T01:15:00.000Z,0
CVE-2023-4441,https://securityvulnerability.io/vulnerability/CVE-2023-4441,SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection,"A vulnerability in the SourceCodester Free Hospital Management System for Small Practices version 1.0 was discovered, impacting the /patient/appointment.php file. This issue arises from improper validation of the 'scheduledate' parameter, allowing attackers to execute SQL injection attacks remotely. Successful exploitation could compromise the integrity and confidentiality of the database, potentially leading to unauthorized access to sensitive information.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.00203999993391335,false,false,false,false,,false,false,2023-08-21T00:15:00.000Z,0
CVE-2023-4442,https://securityvulnerability.io/vulnerability/CVE-2023-4442,SourceCodester Free Hospital Management System for Small Practices booking-complete.php sql injection,"A vulnerability affecting the SourceCodester Free Hospital Management System for Small Practices 1.0 has been identified, which allows for SQL injection through the manipulation of arguments in the file \vm\patient\booking-complete.php. Attackers can exploit this weakness remotely by crafting requests that modify the 'userid', 'appnum', or 'scheduleid' parameters, leading to unauthorized database access or manipulation. This issue poses a significant security risk, especially since it has been publicly disclosed, allowing potential exploitation by malicious entities.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.003220000071451068,false,false,false,false,,false,false,2023-08-21T00:15:00.000Z,0
CVE-2023-4440,https://securityvulnerability.io/vulnerability/CVE-2023-4440,SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection,"An SQL injection vulnerability exists in SourceCodester's Free Hospital Management System for Small Practices version 1.0. The issue resides in the processing of the 'sheduledate' argument within the appointment.php file. An attacker can exploit this vulnerability remotely by manipulating the relevant input, potentially gaining unauthorized access to the database. This could lead to exposure of sensitive data, making it imperative for users to assess their systems and implement appropriate security measures.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.003220000071451068,false,false,false,false,,false,false,2023-08-20T23:15:00.000Z,0
CVE-2023-4181,https://securityvulnerability.io/vulnerability/CVE-2023-4181,SourceCodester Free Hospital Management System for Small Practices Redirect behavioral workflow,"A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236216.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.02101000025868416,false,false,false,false,,false,false,2023-08-06T09:15:00.000Z,0
CVE-2023-4179,https://securityvulnerability.io/vulnerability/CVE-2023-4179,SourceCodester Free Hospital Management System for Small Practices sql injection,A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected is an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-236214 is the identifier assigned to this vulnerability.,SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.006039999891072512,false,false,false,false,,false,false,2023-08-06T08:15:00.000Z,0
CVE-2023-4180,https://securityvulnerability.io/vulnerability/CVE-2023-4180,SourceCodester Free Hospital Management System for Small Practices login.php sql injection,A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file /vm/login.php. The manipulation of the argument useremail/userpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236215.,SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.006039999891072512,false,false,false,false,,false,false,2023-08-06T08:15:00.000Z,0