Submit #402425: SourceCodester Clinics Patient Management System 2.0 SQL Injection
| Title | SourceCodester Clinics Patient Management System 2.0 SQL Injection |
|---|---|
| Description | An unauthenticated SQL injection vulnerability was identified in SourceCodester Clinic's Patient Management System - PHP, allowing full database access. This vulnerability lies in print_diseases.php, which uses the parameters **disease/from/to**. All of these GET parameters are vulnerable to SQL injection. Any malicious threat actor can directly exploit this vulnerability without any authentication, which leads to database access. Affected Project: Sourcecodester Clinic's Patient Management System - PHP 2.0. Official Website: Sourcecodester Clinic's Patient Management System. Version: 2.0. Vulnerable code: /print_diseases.php. POC: `sqlmap -u "http://x.x.x.x/print_diseases.php?from=1&to=1&disease=1" --batch` |
| Source | ⚠️ https:/ |
| User | guru (UID 74056) |
| Submission | 09/04/2024 01:46 PM (2 years ago) |
| Moderation | 09/07/2024 07:58 AM (3 days later) |
| Status | Accepted |
| VulDB entry | 276785 [SourceCodesters Clinics Patient Management System 2.0 /print_diseases.php disease/from/to sql injection] |
| Points | 20 |