CVE-2021-43628
📋 TL;DR
CVE-2021-43628 is a critical SQL injection vulnerability in Projectworlds Hospital Management System v1.0. The email parameter of hms-staff.php is placed into a database query without parameterization or sanitization, so an attacker who can reach the page can execute arbitrary SQL against the application database. Every deployment of this version of the open-source hospital management software is affected. Successful exploitation lets an attacker read, modify, or delete patient records and administrative data, including staff account information.
💻 Affected Systems
- Projectworlds Hospital Management System v1.0 (email parameter of hms-staff.php)
📦 What is this software?
Projectworlds Hospital Management System is a free, open-source PHP web application for managing hospital records such as patient data and staff accounts. It is distributed as downloadable source code from projectworlds.in and the projectworldsofficial GitHub repository rather than as a maintained package, so deployments are self-hosted copies that receive no automatic updates.
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the application database: exposure of all patient records and medical data, extraction of staff credentials, and destruction or tampering of tables. If the database account used by the application holds file-write or administrative privileges, the injection can escalate further, for example by writing files to the web root, which can lead to code execution on the hosting server.
Likely Case
Unauthorized read access to patient data, modification of medical records, extraction of staff account credentials from the database, and login as other users, which in turn enables privilege escalation within the application.
If Mitigated
Limited impact. With the email value passed through a parameterized query the injection is closed entirely; where only compensating controls exist (strict input validation, a WAF, and a least-privilege database account), a residual bypass would at most allow reading data the application account can already read, not modifying it.
🎯 Exploit Status
The injection is straightforward to exploit: a single crafted value in the email parameter of hms-staff.php suffices, no special tooling is required, and the public GitHub issue linked below demonstrates it.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown; no fixed release is referenced in the public issue
Vendor Advisory: None published; the public disclosure is the GitHub issue at https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/2
Restart Required: No (PHP source files are re-read on the next request)
Instructions:
1. Review the GitHub issue for the vulnerable code location and any community-supplied fixes
2. Rewrite the query in hms-staff.php that uses the email parameter as a prepared statement with bound parameters (mysqli or PDO); treat input validation as defence in depth, not as the fix
3. Search the rest of the code base for the same string-concatenation pattern and replace every instance, since the same style is likely to recur in other pages
4. Test the fixed page with the injection payloads listed under "How to Verify" before deployment and confirm that both normal login and rejection of invalid input still behave correctly
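The following added example is not code from the Projectworlds project. It uses Python and an in-memory SQLite database to show the two query styles side by side: the string-built login query that makes hms-staff.php injectable, and the parameterized form that step 2 asks for. The staff table, its column names, and the sample account are assumptions for illustration; the stock application is PHP, where the equivalent fix is a mysqli or PDO prepared statement with bound parameters.

```python
import sqlite3

# The probe payload the advisory suggests for the email parameter.
PAYLOAD = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Constructed sample data (not the project's schema): one staff account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE staff (id INTEGER PRIMARY KEY, email TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO staff (email, password) VALUES ('nurse@example.org', 'secret')"
    )
    conn.commit()
    return conn


def build_vulnerable_sql(email: str, password: str) -> str:
    """The injectable pattern: request values spliced into the SQL text.
    A quote in `email` closes the literal and the remainder becomes SQL syntax."""
    return (
        "SELECT id, email FROM staff "
        f"WHERE email = '{email}' AND password = '{password}'"
    )


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str) -> list:
    """Runs the string-built query exactly as the vulnerable page would."""
    return conn.execute(build_vulnerable_sql(email, password)).fetchall()


def login_fixed(conn: sqlite3.Connection, email: str, password: str) -> list:
    """Parameterized query: the statement text is fixed and the values travel
    separately, so no input can change the WHERE clause. Plaintext password
    comparison is kept only to mirror the vulnerable version; real code hashes."""
    sql = "SELECT id, email FROM staff WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Precedence matters: AND binds tighter than OR, so the probe in the email
    # field alone yields  email='' OR ('1'='1' AND password='x')  which is
    # false. Supplying it in both fields, or commenting out the password check
    # with "-- ", bypasses the login against the vulnerable query.
    print(build_vulnerable_sql(PAYLOAD, PAYLOAD))
    print("vulnerable, probe in both fields:", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("vulnerable, comment probe in email:", login_vulnerable(db, "' OR 1=1 -- ", "x"))
    print("fixed, probe in both fields:", login_fixed(db, PAYLOAD, PAYLOAD))
    print("fixed, comment probe in email:", login_fixed(db, "' OR 1=1 -- ", "x"))
```

The vulnerable function returns the staff row for both bypass payloads; the parameterized function returns nothing because the payload is compared as a literal email string. The precedence note is worth keeping in mind when testing a real login form: the bare `' OR '1'='1` probe in the email field alone may produce no visible change, so a comment-terminated variant is the more reliable check.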
🔧 Temporary Workarounds
Input Validation and Sanitization
Add server-side validation in hms-staff.php that rejects any email value which is not a syntactically valid address (for example via filter_var with FILTER_VALIDATE_EMAIL) before it reaches the database layer
This narrows the attack surface but is not a substitute for a parameterized query; treat it as defence in depth
Web Application Firewall (WAF)
Deploy WAF rules that block SQL injection patterns (quotes, comment sequences, UNION/SELECT/OR keywords) in the email parameter of requests to hms-staff.php
Configure the WAF to inspect both POST bodies and GET query strings, and to URL-decode parameters before matching; encoded payloads bypass rules that match raw request text
🧯 If You Can't Patch
- Isolate the system from internet access and restrict it to the internal network only
- Run the application's database user with the minimum privileges the application needs (no FILE, DROP, or administrative rights), so an injected query cannot write files or destroy tables
- Implement strict network segmentation and monitor all database access attempts from the web server
🔍 How to Verify
Check if Vulnerable:
On a system you are authorized to test, submit SQL injection payloads in the email parameter of hms-staff.php, such as ' OR '1'='1 or a comment-terminated variant like ' OR 1=1 -- (the trailing space matters in MySQL). A database error message, a successful login without valid credentials, or a response that differs from the one for a normal invalid address indicates the parameter reaches the query unparameterized.
Check Version:
Only v1.0 is listed as affected and no fixed release is known, so the version number alone does not establish safety. Inspect hms-staff.php and confirm the email value is passed to the database through a prepared statement with bound parameters rather than concatenated into the query string.
Verify Fix Applied:
Repeat the injection payloads after applying the fix and confirm that they produce neither database errors nor a successful login, and that a valid email and password still authenticate normally.
📡 Detection & Monitoring
Log Indicators:
- Database syntax errors in the application or PHP error logs (a stray quote in the email value breaks the statement)
- Repeated failed login attempts whose email value contains quotes, comment sequences, or SQL keywords
- Database queries from the web server whose WHERE clause contains unexpected OR, UNION, or comment syntax
Network Indicators:
- HTTP requests to hms-staff.php with SQL keywords in parameters
- Unusual database traffic patterns
SIEM Query:
source="web_logs" AND uri="*hms-staff.php*" AND (param="*email=*OR*" OR param="*email=*UNION*" OR param="*email=*SELECT*")
Caveats: web access logs normally record only the query string, so payloads sent in a POST body are visible only if the application or WAF logs request bodies; match on URL-decoded parameter values, since the raw log will contain %27 rather than a quote; and a case-insensitive match on OR alone will fire on every legitimate address ending in .org, so anchor on the quote character or on whole-word keywords.
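As an added example (not part of the original advisory or of the project), the Python below applies the intent of the SIEM query above to a few constructed access-log lines. It URL-decodes the email parameter before matching, which a raw substring match on the log line cannot do, and anchors on quote characters, comment sequences, and whole-word SQL keywords so that a legitimate address such as nurse@example.org (which contains the letters "or") is not flagged. The log lines and source addresses are constructed sample data.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache combined-log style (not real traffic).
# Line 1 is a legitimate login, lines 2-4 carry injection probes against the
# email parameter, and line 5 is unrelated traffic.
SAMPLE_LOGS = [
    '203.0.113.7 - - [10/Nov/2021:14:02:11 +0000] "GET /hms-staff.php?email=nurse%40example.org&password=secret HTTP/1.1" 302 215',
    '203.0.113.9 - - [10/Nov/2021:14:02:45 +0000] "GET /hms-staff.php?email=%27+OR+%271%27%3D%271&password=x HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Nov/2021:14:03:01 +0000] "GET /hms-staff.php?email=%27+or+1%3D1%23&password= HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Nov/2021:14:03:30 +0000] "GET /hms-staff.php?email=admin%27+UNION+SELECT+1%2C2%2C3--+&password= HTTP/1.1" 500 311',
    '198.51.100.2 - - [10/Nov/2021:14:04:00 +0000] "GET /index.php HTTP/1.1" 200 1000',
]

# Source address and the request target from a combined-log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*? "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')

# Things a decoded email address should never contain: a string delimiter,
# a SQL comment opener, or a SQL keyword standing as a whole word.
SQLI_RE = re.compile(
    r"['\"]"                                           # quote closes the SQL literal
    r"|--|/\*|#"                                       # comment sequences
    r"|\b(?:or|and|union|select|sleep|benchmark)\b",   # whole-word keywords only
    re.IGNORECASE,
)


def extract_email_values(line: str):
    """Returns (source_ip, [decoded email values]) for hits on hms-staff.php,
    or (ip, []) for other requests; parse_qs performs the URL decoding."""
    m = REQUEST_RE.match(line)
    if not m:
        return None, []
    target = urlsplit(m.group("target"))
    if not target.path.endswith("/hms-staff.php"):
        return m.group("ip"), []
    params = parse_qs(target.query, keep_blank_values=True)
    return m.group("ip"), params.get("email", [])


def scan_logs(lines):
    """Flags every request whose decoded email parameter looks like SQL."""
    hits = []
    for line in lines:
        ip, emails = extract_email_values(line)
        for email in emails:
            m = SQLI_RE.search(email)
            if m:
                hits.append({"ip": ip, "email": email, "matched": m.group(0)})
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"{hit['ip']}  email={hit['email']!r}  matched={hit['matched']!r}")
```

Running it reports the three probes from 203.0.113.9 and nothing for the legitimate login. Because the probes here arrive as GET requests, the access log carries them; for a form that posts its fields, the same matching has to run over application or WAF logs that record the request body.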
🔗 References
- https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/2
- https://projectworlds.in/free-projects/php-projects/hospital-management-system-in-php/