vendor:
Medical Center Portal Management System
by:
Aydın Baran Ertemir
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Medical Center Portal Management System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:medical_center_portal_management_system:1.0
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Kali Linux
2020
Medical Center Portal Management System 1.0 – ‘login’ SQL Injection
Medical Center Portal Management System 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can be done by sending a specially crafted HTTP POST request to the processlogin.php page with malicious SQL queries in the user and password parameters.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
