CVE-2023-7172

HIGH LAB

Phpgurukul Hospital Management System - SQL Injection

Title source: rule

Description

A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356.

Exploits (1)

nomisec WORKING POC 6 stars

by sharathc213 · poc

https://github.com/sharathc213/CVE-2023-7172

View Code ZIP pw:eip

References (4)

Core 4

Core References

Third Party Advisory vdb-entry

https://vuldb.com/?id.249356

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.249356

Exploit, Third Party Advisory related

https://drive.google.com/file/d/11DHRUjvOF0yV24I4JlZ0X1RE4V-mcood/view?usp=sharing

Exploit, Third Party Advisory exploit

https://github.com/sharathc213/CVE-2023-7172

Scores

CVSS v3 7.3

EPSS 0.0168

EPSS Percentile 82.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Lab Environment

COMMUNITY

Community Lab

docker pull mysql:8.0

https://github.com/sharathc213/CVE-2023-7172

View in Library

Details

CWE

CWE-89

Status published

Products (1)

phpgurukul/hospital_management_system 1.0

Published Dec 30, 2023

Tracked Since Feb 18, 2026