Key Vulnerability Information

CVE ID: CVE-2023-4440
Vulnerability ID: VDB-237561
Vendor and Product: SourceCodester Free Hospital Management System for Small Practices 1.0
Vulnerability Type: SQL Injection
Vulnerable File:
Impacted Argument:
Severity: Critical
Exploit Availability: Yes, Proof-of-Concept exploit available on GitHub.
Publication Date: August 20, 2023
CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Attack Technique: T1505
Impact: Confidentiality, Integrity, and Availability

Description

A vulnerability has been detected in SourceCodester Free Hospital Management System for Small Practices 1.0. Manipulating the argument in results in an SQL injection. The attack can be initiated remotely.

Exploit Information

The exploit is shared on GitHub and is a proof-of-concept. Vulnerable targets can be found using Google Hacking with the search term .

Recommendation

Replace the affected object with an alternative product, as no known countermeasures are available.