SourceCodester Hospitals Patient Records Management System manage_history.php sql injection

Vulnerability

A SQL injection vulnerability exists in SourceCodester Hospitals Patient Records Management System version 1.0. The flaw resides in the file /admin/patients/manage_history.php, where the id parameter is taken directly from the HTTP GET request and concatenated into SQL queries without proper sanitization or validation. This allows an attacker to inject malicious SQL statements. The vulnerability is present in the publicly available version 1.0 of the software [1].

Exploitation

An attacker can exploit this vulnerability remotely without requiring any authentication or prior authorization. The attack is performed by sending a crafted HTTP GET request to the vulnerable endpoint with a malicious payload in the id parameter. The reference includes a proof-of-concept payload that demonstrates time-based blind SQL injection, allowing the attacker to extract data character by character [1].

Impact

Successful exploitation enables an attacker to perform unauthorized database operations, including reading, modifying, or deleting sensitive patient records. The attacker can gain access to the entire database, potentially leading to data leakage, data tampering, and full system compromise. The impact extends to service interruption and loss of data integrity, posing a serious threat to the confidentiality and availability of the system [1].

Mitigation

As of the publication date, no official patch or fixed version has been released by SourceCodester. The vendor has not acknowledged the vulnerability or provided a security update. Until a fix is available, administrators should implement input validation and parameterized queries on the affected endpoint, restrict network access to the admin panel, and consider using a web application firewall (WAF) to block SQL injection attempts. The product may be end-of-life or unsupported, so migration to a maintained alternative is recommended [1].