| Title | SourceCodester Online Hospital Management System Using PHP/MySQL V1.0 SQL Injection |
|---|
| Description | The fourth line of the departmentDoctor.php file uses the PHP method to retrieve user input from the $_GET element. Then, the value of this element will be passed to the code without proper purification or validation, and ultimately used for database queries in the PHP method on line 5 of the departmentDoctor.php file. This may lead to SQL injection attacks
ZhaoBin Huang has discovered that due to insufficient protection of the "deptid" parameter in the "\departmentDoctor.php" file, "Best courier management system project in php" there is a serious security vulnerability in the This vulnerability may be used to inject malicious SQL queries, resulting in unauthorized access and extraction of sensitive information from the database.database. |
|---|
| Source | ⚠️ https://github.com/CveSecLook/cve/issues/41 |
|---|
| User | ZhaoBin Huang (UID 69070) |
|---|
| Submission | 05/23/2024 14:10 (2 years ago) |
|---|
| Moderation | 05/25/2024 08:08 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 266274 [SourceCodester Online Hospital Management System 1.0 departmentDoctor.php deptid sql injection] |
|---|
| Points | 20 |
|---|