
CVE-2023-4181 – SourceCodester Free Hospital Management System for Small Practices Redirect behavioral workflow
https://notcve.org/view.php?id=CVE-2023-4181
06 Aug 2023 — A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to improper enforcement of behavioral workflow. The attack may be launched remotely.
• https://github.com/Yesec/Free-Hospital-Management-System-for-Small-Practices/blob/main/vertical%20privilege%20escalation/vuln.md
• CWE-841: Improper Enforcement of Behavioral Workflow

CVE-2023-4180 – SourceCodester Free Hospital Management System for Small Practices login.php SQL injection
https://notcve.org/view.php?id=CVE-2023-4180
06 Aug 2023 — A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file /vm/login.php. The manipulation of the argument useremail/userpassword leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/Yesec/Free-Hospital-Management-System-for-Small-Practices/blob/main/SQL%20Injection%20in%20login.php/vuln.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-4179 – SourceCodester Free Hospital Management System for Small Practices SQL injection
https://notcve.org/view.php?id=CVE-2023-4179
06 Aug 2023 — A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected is an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely.
• https://github.com/Yesec/Free-Hospital-Management-System-for-Small-Practices/blob/main/SQL%20Injection%20in%20doctors.php/vuln.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')