CVE-2023-37069
CVSS V2 None
CVSS V3 None
Description
Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code.
Overview
- CVE ID
- CVE-2023-37069
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2023-08-10T13:15:10
- Last Modified Date
- 2023-08-15T17:50:23
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:online_hospital_management_system_project:online_hospital_management_system:1.0:*:*:*:*:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://code-projects.org/online-hospital-management-system-in-php-with-source-code/ | Product |
| https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37069-Exploit.md | Exploit Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-37069 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37069 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-09-06 03:28:06 | Added to TrackCVE | |||
| 2023-09-06 03:28:09 | Weakness Enumeration | new |