cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-5587,https://securityvulnerability.io/vulnerability/CVE-2023-5587,SourceCodester Free Hospital Management System for Small Practices Parameter doctors.php sql injection,"A SQL injection vulnerability exists in the SourceCodester Free Hospital Management System for Small Practices 1.0, primarily affecting the file /vm/admin/doctors.php. By manipulating the 'search' parameter, an attacker can execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive data. This exploitation can occur remotely, posing significant security risks to database integrity and confidentiality. The issue has been publicly disclosed, increasing the likelihood of exploitation by malicious actors.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.0014100000262260437,false,,false,false,false,,,false,false,,2023-10-15T22:15:00.000Z,0
CVE-2023-4444,https://securityvulnerability.io/vulnerability/CVE-2023-4444,SourceCodester Free Hospital Management System for Small Practices edit-user.php sql injection,"A SQL injection vulnerability exists in the Free Hospital Management System for Small Practices due to improper input validation in the file responsible for user data editing. This flaw enables attackers to manipulate user-provided parameters, such as id00, nic, oldemail, email, and Tele, to execute arbitrary SQL commands on the database. The vulnerability can be exploited remotely, exposing sensitive data and allowing unauthorized access to the database. Prompt updates and security measures are essential to mitigate any risks associated with this exposure.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.0074800001457333565,false,,false,false,false,,,false,false,,2023-08-21T01:15:00.000Z,0
CVE-2023-4443,https://securityvulnerability.io/vulnerability/CVE-2023-4443,SourceCodester Free Hospital Management System for Small Practices edit-doc.php sql injection,"An SQL injection vulnerability has been discovered in the SourceCodester Free Hospital Management System, specifically within the edit-doc.php file located in the vm/doctor directory. This issue arises when specific parameters, including id00, nic, oldemail, email, and spec, are manipulated. An attacker can exploit this flaw remotely, allowing unauthorized access to the database, which can lead to potential data exposure or corruption. It is crucial for organizations using affected versions to apply security patches and mitigate this risk immediately.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.005179999861866236,false,,false,false,false,,,false,false,,2023-08-21T01:15:00.000Z,0
CVE-2023-4441,https://securityvulnerability.io/vulnerability/CVE-2023-4441,SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection,"A vulnerability in the SourceCodester Free Hospital Management System for Small Practices version 1.0 was discovered, impacting the /patient/appointment.php file. This issue arises from improper validation of the 'scheduledate' parameter, allowing attackers to execute SQL injection attacks remotely. Successful exploitation could compromise the integrity and confidentiality of the database, potentially leading to unauthorized access to sensitive information.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.002369999885559082,false,,false,false,false,,,false,false,,2023-08-21T00:15:00.000Z,0
CVE-2023-4442,https://securityvulnerability.io/vulnerability/CVE-2023-4442,SourceCodester Free Hospital Management System for Small Practices booking-complete.php sql injection,"A vulnerability affecting the SourceCodester Free Hospital Management System for Small Practices 1.0 has been identified, which allows for SQL injection through the manipulation of arguments in the file \vm\patient\booking-complete.php. Attackers can exploit this weakness remotely by crafting requests that modify the 'userid', 'appnum', or 'scheduleid' parameters, leading to unauthorized database access or manipulation. This issue poses a significant security risk, especially since it has been publicly disclosed, allowing potential exploitation by malicious entities.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.005179999861866236,false,,false,false,false,,,false,false,,2023-08-21T00:15:00.000Z,0
CVE-2023-4440,https://securityvulnerability.io/vulnerability/CVE-2023-4440,SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection,"An SQL injection vulnerability exists in SourceCodester's Free Hospital Management System for Small Practices version 1.0. The issue resides in the processing of the 'sheduledate' argument within the appointment.php file. An attacker can exploit this vulnerability remotely by manipulating the relevant input, potentially gaining unauthorized access to the database. This could lead to exposure of sensitive data, making it imperative for users to assess their systems and implement appropriate security measures.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.005179999861866236,false,,false,false,false,,,false,false,,2023-08-20T23:15:00.000Z,0
CVE-2023-4181,https://securityvulnerability.io/vulnerability/CVE-2023-4181,SourceCodester Free Hospital Management System for Small Practices Redirect behavioral workflow,"A vulnerability has been identified in SourceCodester's Free Hospital Management System for Small Practices, specifically in the component responsible for redirect handling. This issue allows an attacker to manipulate certain functionalities, leading to potential enforcement of unauthorized behavioral workflows. The vulnerability affects the file located at /vm/admin/delete-doctor.php, which can be exploited remotely. This public exploit poses a significant risk to users of the system, as it may enable malicious actors to alter operational processes without proper authorization.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.014019999653100967,false,,false,false,false,,,false,false,,2023-08-06T09:15:00.000Z,0
CVE-2023-4179,https://securityvulnerability.io/vulnerability/CVE-2023-4179,SourceCodester Free Hospital Management System for Small Practices sql injection,"A SQL injection vulnerability has been identified in the Free Hospital Management System for Small Practices, specifically in the doctors.php file where an unknown function processes the 'id' argument. This security flaw can be exploited remotely, potentially allowing attackers to manipulate database queries. The issue has been publicly disclosed and demonstrates a significant risk to the integrity of the application. Users are advised to implement mitigations to secure their systems against this vulnerability.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.005669999867677689,false,,false,false,false,,,false,false,,2023-08-06T08:15:00.000Z,0
CVE-2023-4180,https://securityvulnerability.io/vulnerability/CVE-2023-4180,SourceCodester Free Hospital Management System for Small Practices login.php sql injection,"A vulnerability has been identified within the SourceCodester Free Hospital Management System for Small Practices 1.0 that permits remote attackers to exploit an inadequate validation of user inputs in the login.php file. This flaw allows manipulation of the useremail and userpassword parameters, potentially leading to unauthorized SQL queries. With this vulnerability being publicly disclosed, it poses significant risks to the integrity of the system, allowing attackers to compromise sensitive data.",SourceCodester,Free Hospital Management System for Small Practices,9.8,CRITICAL,0.005669999867677689,false,,false,false,false,,,false,false,,2023-08-06T08:15:00.000Z,0