CVE-2023-4440

CVSS 3.1 Score 7.0 of 10 (high)

Details

Published Aug 20, 2023
Updated: May 17, 2024
CWE ID 345

Summary

CVE-2023-4440 is a critical vulnerability identified in SourceCodester Free Hospital Management System for Small Practices 1.0. The issue lies within the appointment.php file, and an attacker can exploit it through manipulation of the sheduledate argument. This leads to SQL injection, allowing the attacker to gain unauthorized access to sensitive data. Remotely initiated attacks are possible, making this a significant security risk. The exploit for this vulnerability has been publicly disclosed, increasing the threat level. VDB-237561 is the identifier assigned to this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Electronjs Electron

Affected Vendors

  • Electronjs