Impact
The vulnerability resides in the /doctorchangepassword.php file of itsourcecode Hospital Management System 1.0. Manipulating the newpassword parameter can trigger a SQL injection, allowing an attacker to alter database queries. This flaw can lead to unauthorized access or modification of patient data, compromising confidentiality and integrity.
Affected Systems
Vendors: itsourcecode. Product: Hospital Management System. Affected version: 1.0. No further version details provided.
Risk and Exploitability
The CVSS score of 5.3 indicates a moderate risk, and the EPSS score is not available, suggesting limited current exploitation data. The vulnerability is exploitable remotely via HTTP requests to doctorchangepassword.php, and a public exploit is available via GitHub. It is not listed in CISA’s KEV catalog, but the public availability of an exploit warrants vigilance.