CVE-2022-2298

HIGH

Clinic's Patient Management System 2.0 - SQL Injection via Login Page user_name Parameter

Title source: llm

Description

A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pms/index.php of the component Login Page. The manipulation of the argument user_name with the input admin' or '1'='1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

References (2)

Core 2

Core References

Various Sources x_refsource_misc

https://github.com/CyberThoth/CVE/blob/63e283e7d7dad3783237f15cdae2bb649bc1e198/CVE/Clinic%27s%20Patient%20Management%20System/SQLi/POC.md

View Writeup ZIP pw:eip

Third Party Advisory x_refsource_misc

https://vuldb.com/?id.203179

Scores

CVSS v3 7.3

EPSS 0.0080

EPSS Percentile 51.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

oretnom23/clinic\'s_patient_management_system 2.0

Published Jul 12, 2022

Tracked Since Feb 18, 2026