PHIMS - Hospital Management Information System - 'Password' SQL Injection

vendor:

PHIMS - Hospital Management Information System

by:

Borna nematzadeh

5.5

CVSS

MEDIUM

SQL Injection

CWE

Product Name: PHIMS - Hospital Management Information System

Affected Version From: All versions

Affected Version To: All versions

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Web

2018

The vulnerability allows an attacker to inject sql commands.

Implement proper input validation and parameterized queries to prevent SQL injection attacks.

Source