Nahiduddinahammed Hospital Management System SQL Injection Vulnerability in Delete Function

Vulnerability

A SQL injection vulnerability has been identified in the Nahiduddinahammed Hospital Management System Website, in versions up to e6562429e14b2f88bd2139cae16e87b965024097. The issue is in the delete.php file: the 'ai' argument is not properly sanitized before being included in SQL queries, so manipulating it leads to unauthorized SQL command execution. The vulnerability can be exploited remotely, allowing attackers to delete user data from the dashboard table.

Impact

Successful exploitation lets an attacker manipulate the SQL queries the application sends to its database. In this case, the vulnerability could be exploited to delete user data from the dashboard table, potentially leading to loss of important information and disruption of service.

Reproduction

To reproduce this vulnerability, send a request to the delete.php file with a crafted 'ai' argument that includes SQL injection payloads, such as those that manipulate SQL query logic. The injected SQL will be executed by the application, allowing for unauthorized data deletion.
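For remediation, the delete path described above can be written so that the 'ai' value never becomes part of the SQL text. The following is an added example, not code from the project: the function name `delete_dashboard_row`, the key column `id`, the use of PDO, and the in-memory SQLite demo data are all assumptions made for illustration (PHP 8.0 or later).

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. Assumption: the row key column is
// named "id"; the advisory names only the table (dashboard) and parameter (ai).
function delete_dashboard_row(PDO $pdo, mixed $rawAi): bool
{
    // Accept only a positive integer; any other input never reaches SQL.
    $id = filter_var($rawAi, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }

    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $pdo->prepare('DELETE FROM dashboard WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    // Report success only when exactly one row was removed.
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database; the application's
// real database and schema are not shown in the advisory.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE dashboard (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO dashboard (name) VALUES ('a'), ('b'), ('c')");

// Constructed inputs: a valid id, a value with trailing text, a negative
// number, and a well-formed id that matches no row.
foreach (['2', '2 trailing-text', '-1', '99'] as $input) {
    $ok = delete_dashboard_row($pdo, $input);
    $left = (int) $pdo->query('SELECT COUNT(*) FROM dashboard')->fetchColumn();
    printf("ai=%-18s deleted=%s rows_left=%d\n",
        var_export($input, true), $ok ? 'yes' : 'no', $left);
}
```

In the real handler the same function would be called with the request's 'ai' value, after the application's own authentication and authorization checks.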

Added: Oct 6, 2025, 4:18 AM
Updated: Oct 6, 2025, 4:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.6
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.