Impact
The vulnerability allows an attacker to manipulate the loginid argument of the /adminprofile.php page in itsourcecode Hospital Management System 1.0, resulting in SQL injection. The flaw can be triggered remotely and has already been publicly disclosed. An attacker could execute arbitrary SQL statements against the backend database, potentially reading, modifying or deleting sensitive data. The weakness is associated with CWE-74 and CWE-89, indicating a lack of input validation and unsafe query construction.
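The unsafe query construction that CWE-89 describes, next to a parameterized replacement, as an added example that is not code from the Hospital Management System or from this advisory. The admin table, its columns, the function names and the login id format are assumptions, and the queries run against an in-memory SQLite database through PDO.

```php
<?php
declare(strict_types=1);

// Hypothetical schema standing in for the application's admin table.
function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE admin (loginid TEXT PRIMARY KEY, adminname TEXT)');
    $pdo->exec("INSERT INTO admin VALUES ('admin01', 'Alice'), ('admin02', 'Bob')");
    return $pdo;
}

// Unsafe pattern (CWE-89): the request value becomes part of the SQL text,
// so quote characters in it change the structure of the statement.
function find_admin_unsafe(PDO $pdo, string $loginid): array
{
    $sql = "SELECT loginid, adminname FROM admin WHERE loginid = '$loginid'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: allow-list the expected format (assumed here to be
// 1-32 letters, digits, '_', '.' or '-'), then bind the value as data.
function find_admin_safe(PDO $pdo, string $loginid): array
{
    if (preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $loginid) !== 1) {
        return []; // reject anything outside the expected login id format
    }
    $stmt = $pdo->prepare(
        'SELECT loginid, adminname FROM admin WHERE loginid = :loginid'
    );
    $stmt->execute([':loginid' => $loginid]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = make_demo_db();

// Constructed test value containing SQL metacharacters.
$constructed = "x' OR '1'='1";

printf("unsafe, constructed value: %d row(s)\n",
    count(find_admin_unsafe($pdo, $constructed)));
printf("safe, constructed value:   %d row(s)\n",
    count(find_admin_safe($pdo, $constructed)));
printf("safe, valid login id:      %d row(s)\n",
    count(find_admin_safe($pdo, 'admin01')));
```

The bound placeholder alone keeps the value out of the SQL text; the format check is an additional layer that rejects malformed input before it reaches the database.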
Affected Systems
The affected product is itsourcecode Hospital Management System version 1.0. No other versions were listed, so only this release is identified as at risk. The vulnerability resides in an unknown function within the adminprofile.php file; because no additional component information is available, only the overall system is identified as affected.
Risk and Exploitability
The CVSS score of 5.1 classifies the issue as moderate in severity. EPSS information is not available, and the vulnerability is not listed in CISA KEV, suggesting no known active exploitation campaigns at this time. However, because the attack can be initiated remotely via a crafted loginid parameter, the potential for misuse remains. Successful exploitation would require network access to the web interface and the ability to send HTTP requests, but no local privilege escalation or authentication bypass is required to trigger the injection.