Affected Product(s):
- Medical Center Portal Management System using PHP/MySQL

Vendor Homepage:
- https://www.sourcecodester.com/php/14594/medical-center-portal-management-system.html

Affected Version(s):
- V1.0

Vulnerable File:
- /login.php

Software Link:
- https://www.sourcecodester.com/download-code?nid=14594&title=Medical+Center+Portal+Management+System+using+PHP%2FMySQL

Vulnerability Type:
- SQL injection

Root Cause:
- A SQL injection vulnerability was found in the '/login.php' file of the 'Medical Center Portal Management System' project. The value of the 'user' parameter is used directly in SQL queries without appropriate sanitization or validation, so attackers can inject malicious code through it.

Impact:
- Attackers can exploit this SQL injection vulnerability to achieve unauthorized database access, sensitive data leakage, data tampering, comprehensive system control, and even service interruption, posing a serious threat to system security and business continuity.

Description:
- During the security review of "Medical Center Portal Management System in PHP/MySQL", a critical SQL injection vulnerability was found in the "/login.php" file. This vulnerability stems from insufficient validation of the user-supplied 'user' parameter, allowing attackers to inject malicious SQL queries.

Vulnerability details and POC:
- The provided POC details show how an attacker can exploit the SQL injection vulnerability to extract information from the database. The payload and screenshots demonstrate the successful execution of the attack using tools like sqlmap.

Suggested Repair:
1. Use prepared statements and parameter binding.
2. Input validation and filtering.
3. Minimize database user permissions.
4. Regular security audits.
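
Repair items 1 and 2 applied to a login lookup, as an added example; it is not the project's code, since the source of /login.php is not shown on this page. The `users` table, its columns, the sample account and the function names are assumptions, and an in-memory SQLite database accessed through PDO stands in for MySQL so the script runs without a server.

```php
<?php
// Constructed schema and sample account; table and column names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With a MySQL DSN, also disable emulation so the server performs the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
    ->execute(['nurse01', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The pattern the advisory describes: the 'user' value becomes part of the SQL text.
// Only the string is built here, for contrast; it is never executed.
function build_query_unsafe(string $user): string
{
    return "SELECT id, password_hash FROM users WHERE username = '$user'";
}

// Hardened lookup: input validation, bound parameter, password hash check.
function login(PDO $pdo, string $user, string $password): ?int
{
    // Repair item 2: bound the length and reject control characters.
    if (!preg_match('/\A[^\x00-\x1F\x7F]{1,64}\z/', $user)) {
        return null;
    }
    // Repair item 1: the placeholder keeps the value out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :user');
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// A value containing a quote changes the structure of the concatenated query...
echo build_query_unsafe("o'brien"), "\n";

// ...but is treated as plain data by the prepared statement (constructed inputs).
$cases = [['nurse01', 'correct horse'], ['nurse01', 'wrong'], ["o'brien", 'x']];
foreach ($cases as [$u, $p]) {
    $id = login($pdo, $u, $p);
    printf("%-10s => %s\n", $u, $id === null ? 'rejected' : "user id $id");
}
```

Repair item 3 is applied on the database side rather than in PHP: the account the application connects with should hold only the privileges the login and portal queries need.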