hosp_order hosp_order latest SQL Injectioninfo

Title	https://github.com/sfturing/hosp_order hosp_order latest SQL Injection
Description	Hosporder is an open-source hospital appointment registration system that contains unchecked controllable input, which is directly concatenated into the LIKE keyword in SQL statements, leading to SQL injection vulnerabilities. Under function cn.sfturing.dao.HospitalDao#findOrderHosNum. findOrderHosNum has unverified risk points '%${hospitalAddress}%' and '%${hospitalName}%'. From source 'Hospital hosp' which in function 'cn.sfturing.web.HospitalController#orderHos'. Then propagate to function 'cn.sfturing.service.impl.HospitalServiceImpl#findOrderHosNum'. Finally arrived at the taint sink 'cn.sfturing.dao.HospitalDao#findOrderHosNum'.
Source	⚠️ https://github.com/sfturing/hosp_order/issues/111
User	mukyuuhate (UID 93052)
Submission	12/24/2025 14:22 (4 months ago)
Moderation	01/04/2026 09:42 (11 days later)
Status	Accepted
VulDB entry	339483 [sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8 /ssm_pro/orderHos/ findOrderHosNum hospitalAddress/hospitalName sql injection]
Points	20

Do you need the next level of professionalism?

Upgrade your account now!