vendor:
Hospital Management Startup
by:
nu11secur1ty
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Hospital Management Startup
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: CVE-2022-23366
CPE: a:kabirkhyrul:hospital_management_startup
Platforms Tested:
2022
Hospital Management Startup 1.0 – ‘loginid’ SQLi
The loginid and password parameters from Hospital Management Startup 1.0 appear to be vulnerable to SQL injection attacks. The attacker can retrieve all information from the administrator account of the system and he can use the information for malicious purposes! WARNING: If this is in some external domain, or some subdomain, or internal, this will be extremely dangerous!
Mitigation:
Input validation and sanitization should be used to prevent SQL injection attacks.