Project Worlds Hospital Management System
cpe:2.3:a:projectworlds:hospital_management_system_in_php:*:*:*:*:*:*:*
- 1.0
A SQL injection vulnerability has been identified in Project Worlds Hospital Management System version 1.0. The issue arises in the 'update_info.php' file, specifically within the 'getAllPatientDetail' function. The vulnerability is triggered by manipulating the 'appointment_no' GET parameter, allowing unauthorized access to sensitive patient information. The flaw is due to inadequate input sanitization and broken access control, enabling remote exploitation without authentication.
Exploitation of this vulnerability allows unauthorized users to access and extract sensitive patient data, including names, phone numbers, addresses, and medical conditions. Additionally, there is potential for modifying or deleting hospital records.
The vulnerability can be reproduced by sending a crafted request to 'update_info.php' with a manipulated 'appointment_no' parameter. This can be done using tools like 'curl' or 'sqlmap' to automate the injection and exploitation process.
To address this vulnerability, it is recommended to use prepared statements for database queries, implement server-side access controls, and validate input by casting the 'appointment_no' parameter to an integer.
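A hardened lookup along the lines the advisory recommends (integer validation, server-side access control, prepared statement), written here as an added example; it is not code from the Project Worlds project. The table and column names, the session fields and the PDO wiring are assumptions.

```php
<?php
// Added example (not code from the Project Worlds project): a hardened
// replacement for a lookup like getAllPatientDetail(). Table and column
// names (appointments, patients, appointment_no, patient_id, owner_user_id)
// and the session layout are assumptions, not taken from the advisory.

declare(strict_types=1);

// Unsafe pattern the advisory describes: the raw GET value is interpolated
// into SQL and no check ties the appointment to the logged-in user.
//   $sql = "SELECT ... WHERE appointment_no = " . $_GET['appointment_no'];

/**
 * Returns the patient row for an appointment, or null when the input is
 * invalid, the caller is not allowed to see it, or nothing matches.
 */
function getAllPatientDetail(PDO $db, array $query, array $session): ?array
{
    // 1. Validate: appointment_no must be a positive integer (rejects "1 OR 1=1").
    $appointmentNo = filter_var($query['appointment_no'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($appointmentNo === false) {
        return null;
    }

    // 2. Authenticate: unauthenticated requests get nothing.
    $userId = $session['user_id'] ?? null;
    $role = $session['role'] ?? 'patient';
    if ($userId === null) {
        return null;
    }

    // 3. Prepared statement: the value travels as a bound parameter, never as SQL
    //    text. Access control is enforced in the query itself: patients only see
    //    appointments they own; staff may see any appointment.
    $sql = 'SELECT p.name, p.phone, p.address, p.medical_condition
              FROM appointments a
              JOIN patients p ON p.patient_id = a.patient_id
             WHERE a.appointment_no = :appointment_no'
         . ($role === 'staff' ? '' : ' AND a.owner_user_id = :user_id');
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':appointment_no', $appointmentNo, PDO::PARAM_INT);
    if ($role !== 'staff') {
        $stmt->bindValue(':user_id', (int) $userId, PDO::PARAM_INT);
    }
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Assumed wiring in update_info.php:
// $patient = getAllPatientDetail($pdo, $_GET, $_SESSION);
```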