Campcodes Hospital Management System SQL Injection Vulnerability in Admin Dashboard Login
Vulnerability
A SQL injection vulnerability has been identified in Campcodes Hospital Management System version 1.0. The issue arises in the Admin Dashboard Login component, specifically within the /admin/ file. The vulnerability is caused by improper input sanitization of the Password argument, allowing for remote exploitation. This vulnerability has been publicly disclosed and is available as a proof-of-concept exploit.
Impact
Exploitation of this vulnerability allows for SQL injection, which could be used to manipulate database queries, potentially leading to unauthorized data access or modification.
Reproduction
To reproduce this vulnerability, navigate to the admin login page of the Campcodes Hospital Management System. In the username and password fields, enter a payload that exploits the SQL injection vulnerability, such as 'OR 1=1'. This input bypasses authentication due to the application's failure to properly sanitize user input.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.