Submit #812010: Project Worlds Hospital Management System In PHP Latest SQL Injectioninfo

TitleProject Worlds Hospital Management System In PHP Latest SQL Injection
DescriptionA critical unauthenticated SQL injection vulnerability exists in the Hospital Management System 1.0 by Project Worlds. The flaw is located in the update_info.php file via the appointment_no GET parameter. Due to improper sanitization and a broken access control mechanism (missing exit() after a JavaScript redirect), an unauthenticated attacker can execute arbitrary SQL commands, leading to unauthorized data access and potential database compromise. The vendor has been notified via GitHub issue: https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/8
Source⚠️ https://github.com/lutherping/CVE
User
 luther (UID 97566)
Submission04/24/2026 07:15 (3 months ago)
Moderation05/17/2026 12:02 (23 days later)
StatusAccepted
VulDB entry364409 [projectworlds hospital-management-system-in-php 1.0 GET Parameter update_info.php getAllPatientDetail appointment_no sql injection]
Points20

Do you need the next level of professionalism?

Upgrade your account now!