// For flags

CVE-2023-3810

Hospital Management System patientappointment.php sql injection

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability was found in Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file patientappointment.php. The manipulation of the argument loginid/password/mobileno/appointmentdate/appointmenttime/patiente/dob/doct/city leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235078 is the identifier assigned to this vulnerability.

Se ha encontrado una vulnerabilidad en Hospital Management System v1.0. Ha sido declarada como crítica. Esta vulnerabilidad afecta a código desconocido del fichero "patientappointment.php". La manipulación del argumento "loginid/password/mobileno/appointmentdate/appointmenttime/patiente/dob/doct/city" conduce a una inyección SQL. El ataque puede iniciarse de forma remota. El exploit ha sido revelado al público y puede ser utilizado. VDB-235078 es el identificador asignado a esta vulnerabilidad.

In Hospital Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei patientappointment.php. Durch Manipulieren des Arguments loginid/password/mobileno/appointmentdate/appointmenttime/patiente/dob/doct/city mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-07-20 CVE Reserved
  • 2023-07-21 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-02 First Exploit
  • 2024-08-22 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hospital Management System Project
Search vendor "Hospital Management System Project"
Hospital Management System
Search vendor "Hospital Management System Project" for product "Hospital Management System"
1.0
Search vendor "Hospital Management System Project" for product "Hospital Management System" and version "1.0"
-
Affected