| Title | code-projects Online Hospital Management System 1.0 SQL Injection |
|---|---|
| Description | Online Hospital Management System (https://code-projects.org/online-hospital-management-system-in-php-with-source-code/) contains an unauthenticated SQL injection vulnerability in the file patient.php. The GET parameter 'editid' is concatenated directly into both a SELECT and an UPDATE SQL query without any sanitization or parameterized-query protection. This allows any remote attacker, without prior authentication, to inject arbitrary SQL. Through the SELECT query, an attacker can extract sensitive data from the database (including admin credentials) using UNION-based or blind SQL injection techniques. Through the UPDATE query, an attacker can modify or overwrite all records in the 'patient' table by injecting a condition that matches every row. The vulnerability can lead to full compromise of patient data, unauthorized administrative access, and potential destruction of the application's database. |
| Source | https://github.com/aiyuyuyu/cve/blob/main/patient_sql.md |
| User | yuyuyu (UID 97935) |
| Submission | 06/05/2026 04:43 AM (29 days ago) |
| Moderation | 30/05/2026 06:37 PM (25 days later) |
| Status | Accepted |
| VulDB Entry | 367467 [code-projects Online Hospital Management System 1.0 /patient.php editid SQL Injection] |
| Points | 20 |