ponaravindb Hospital Management System SQL Injection Vulnerability in Doctor Panel

A critical SQL injection vulnerability has been identified in ponaravindb Hospital Management System version 1.0. The issue resides in the doctor panel, specifically within the file doctor-panel.php. The vulnerability allows remote attackers to manipulate the ID parameter, leading to unauthorized SQL query execution. This could result in the disclosure of sensitive information from the application's database.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a GET request to doctor-panel.php with the ID parameter. The request can be made using a web browser or a tool like sqlmap, which automates the process of finding and exploiting SQL injection vulnerabilities.