Enviar #812010: Project Worlds Hospital Management System In PHP Latest SQL Injectioninformación

TítuloProject Worlds Hospital Management System In PHP Latest SQL Injection
DescripciónA critical unauthenticated SQL injection vulnerability exists in the Hospital Management System 1.0 by Project Worlds. The flaw is located in the update_info.php file via the appointment_no GET parameter. Due to improper sanitization and a broken access control mechanism (missing exit() after a JavaScript redirect), an unauthenticated attacker can execute arbitrary SQL commands, leading to unauthorized data access and potential database compromise. The vendor has been notified via GitHub issue: https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/8
Fuente⚠️ https://github.com/lutherping/CVE
Usuario
 luther (UID 97566)
Sumisión2026-04-24 07:15 (hace 1 mes)
Moderación2026-05-17 12:02 (23 days later)
EstadoAceptado
Entrada de VulDB364409 [projectworlds hospital-management-system-in-php 1.0 GET Parameter update_info.php getAllPatientDetail appointment_no inyección SQL]
Puntos20

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!