Submission #520780: CodeZips Hospital Management System V1.0 SQL Injection

Title: CodeZips Hospital Management System V1.0 SQL Injection

Description: During a security assessment of the “Hospital Management System (PHP & MySQL) with Source Code,” a critical SQL injection vulnerability was identified in the /suadpeted.php file by Emano888. The vulnerability stems from inadequate validation of the id parameter, enabling attackers to inject malicious SQL statements. This flaw allows unauthorized database access, manipulation or deletion of data, and exposure of sensitive information. Immediate remediation is necessary to safeguard system integrity and data confidentiality.

A SQL injection vulnerability exists in the /suadpeted.php file of the Hospital Management System (PHP & MySQL) v1.0. The issue arises because the application directly incorporates user input from the id parameter into SQL queries without proper sanitization or validation. This lack of input handling allows attackers to manipulate SQL queries by injecting malicious code.

Source: ⚠️ https://github.com/emano888/CodeZips-Hospital-Management-System/blob/main/SQL_Injection_in_Hospital_Management_System.md
User: Anonymous User
Submitted: 2025. 03. 14. PM 08:04 (1 year ago)
Moderation: 2025. 03. 22. PM 02:36 (8 days later)
Status: Accepted
VulDB entry: 300686 [CodeZips Hospital Management System 1.0 /suadpeted.php id SQL injection]
Points: 20