CVE Details
Basic Information
| Title | SourceCodester Open Source Clinic Management System doctor.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-06T11:00:17.020Z |
| Last Seen |
Product Information
| Vendor | SourceCodester |
|---|---|
| Product | Open Source Clinic Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A SQL injection vulnerability in SourceCodester’s Open Source Clinic Management System 1.0 allows remote attackers to inject malicious SQL code via the doctorname parameter in doctor.php. This could lead to unauthorized data access or modification. |
|---|---|
| AI Severity | Medium |
| Vendor | SourceCodester |
| Product | Open Source Clinic Management System |
| Affected Version | 1.0 |
Affected Products
- SourceCodester Open Source Clinic Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. This affects an unknown part of the file /doctor.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.