{"id":6520,"date":"2025-06-06T07:06:01","date_gmt":"2025-06-06T07:06:01","guid":{"rendered":"http:\/\/localhost\/?p=6520"},"modified":"2025-06-06T07:06:01","modified_gmt":"2025-06-06T07:06:01","slug":"sourcecodester-open-source-clinic-management-system-doctorphp-sql-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6520","title":{"rendered":"SourceCodester Open Source Clinic Management System doctor.php sql injection"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nSourceCodester Open Source Clinic Management System doctor.php sql injection<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-06T11:00:17.020Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nSourceCodester<\/td>\n<\/tr>\n
Product<\/th>\nOpen Source Clinic Management System<\/td>\n<\/tr>\n
Version<\/th>\n1.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n6.9 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA SQL injection vulnerability in SourceCodester’s Open Source Clinic Management System 1.0 allows remote attackers to inject malicious SQL code via the doctorname parameter in doctor.php. This could lead to unauthorized data access or modification.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\nSourceCodester<\/td>\n<\/tr>\n
Product<\/th>\nOpen Source Clinic Management System<\/td>\n<\/tr>\n
Affected Version<\/th>\n1.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n