CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2023-4181 – SourceCodester Free Hospital Management System for Small Practices Redirect behavioral workflow
https://notcve.org/view.php?id=CVE-2023-4181
A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely. • https://github.com/Yesec/Free-Hospital-Management-System-for-Small-Practices/blob/main/vertical%20privilege%20escalation/vuln.md https://vuldb.com/?ctiid.236216 https://vuldb.com/?id.236216 • CWE-841: Improper Enforcement of Behavioral Workflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4180 – SourceCodester Free Hospital Management System for Small Practices login.php sql injection
https://notcve.org/view.php?id=CVE-2023-4180
A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file /vm/login.php. The manipulation of the argument useremail/userpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yesec/Free-Hospital-Management-System-for-Small-Practices/blob/main/SQL%20Injection%20in%20login.php/vuln.md https://vuldb.com/?ctiid.236215 https://vuldb.com/?id.236215 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4179 – SourceCodester Free Hospital Management System for Small Practices sql injection
https://notcve.org/view.php?id=CVE-2023-4179
A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected is an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. • https://github.com/Yesec/Free-Hospital-Management-System-for-Small-Practices/blob/main/SQL%20Injection%20in%20doctors.php/vuln.md https://vuldb.com/?ctiid.236214 https://vuldb.com/?id.236214 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •