CVE Details
Basic Information
| Title | SourceCodester Open Source Clinic Management System login.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-06T03:31:06.026Z |
| Last Seen | |
Product Information
| Vendor | SourceCodester |
|---|---|
| Product | Open Source Clinic Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A critical SQL injection vulnerability exists in the login.php file of SourceCodester Open Source Clinic Management System 1.0. Attackers can exploit this remotely by manipulating the 'email' parameter, potentially gaining unauthorized access to the system. |
|---|---|
| AI Severity | High |
| Vendor | SourceCodester |
| Product | Open Source Clinic Management System |
| Affected Version | 1.0 |
Affected Products
- SourceCodester Open Source Clinic Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family | |
References
Description
A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument email leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.