CVE-2021-44095 – CVE-2021-44095 is a critical SQL injection vuln... (How to Fix)

Q: What is the severity of CVE-2021-44095?

CVE-2021-44095 has a CVSS score of 9.8 (CRITICAL). CVE-2021-44095 is a critical SQL injection vulnerability in ProjectWorlds Hospital Management System in PHP 1.0 that allows remote attackers to execute arbitrary SQL commands on the login page. This can lead to complete compromise of the application database, including data theft, modification, or deletion. Any organization using this specific software version is affected.

📋 TL;DR

CVE-2021-44095 is a critical SQL injection vulnerability in ProjectWorlds Hospital Management System in PHP 1.0 that allows remote attackers to execute arbitrary SQL commands on the login page. This can lead to complete compromise of the application database, including data theft, modification, or deletion. Any organization using this specific software version is affected.

💻 Affected Systems

Products:

ProjectWorlds Hospital Management System in PHP

Versions: Version 1.0

Operating Systems: Any OS running PHP

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the default installation on the login.php page. No special configuration is required for exploitation.

📦 What is this software?

Hospital Management System by Hospital Management System Project

View all CVEs affecting Hospital Management System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data exfiltration, data destruction, privilege escalation to admin access, and potential lateral movement to other systems.

🟠

Likely Case

Unauthorized access to sensitive patient and hospital data, including medical records, personal information, and administrative credentials.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection, though other vulnerabilities may still exist.

🌐 Internet-Facing: HIGH - The vulnerability exists on the login page which is typically internet-facing, allowing remote attackers to exploit it without network access.

🏢 Internal Only: MEDIUM - If the system is only accessible internally, risk is reduced but still significant due to potential insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires no authentication and can be performed with simple SQL injection payloads. Public proof-of-concept code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Review the GitHub repository for any updates or patches. 2. Manually implement parameterized queries in login.php. 3. Replace raw SQL queries with prepared statements using PDO or mysqli. 4. Implement proper input validation and sanitization.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy a WAF with SQL injection protection rules to block malicious payloads before they reach the application.

Input Validation Filter

all

Implement server-side input validation to reject SQL injection patterns in login fields.

Add to login.php: if(preg_match('/[\'\"\;\-\-\/\*\=]/', $_POST['username'])) { die('Invalid input'); }

🧯 If You Can't Patch

Isolate the system behind a firewall with strict access controls and monitor all database queries.
Implement database monitoring and alerting for unusual SQL patterns or unauthorized access attempts.

🔍 How to Verify

Check if Vulnerable:

Test the login page with SQL injection payloads like: ' OR '1'='1 in username field. If login succeeds without valid credentials, system is vulnerable.

Check Version:

Check the software version in the application interface or review the source code for version indicators.

Verify Fix Applied:

Attempt the same SQL injection payloads after implementing fixes. Login should fail with invalid credentials and no database errors should be exposed.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts with SQL patterns
Successful logins from unusual IP addresses

Network Indicators:

HTTP POST requests to login.php containing SQL keywords
Unusual database connection patterns

SIEM Query:

source="web_logs" AND uri="/login.php" AND (request CONTAINS "' OR" OR request CONTAINS "'--" OR request CONTAINS "UNION")

📊 Metadata

CVE ID: CVE-2021-44095

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: June 2, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/projectworldsofficial/hospital-management-system-in-php Product,Third Party Advisory
https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/1 Exploit,Issue Tracking,Third Party Advisory
https://medium.com/%40shubhamvpandey/cve-2021-44095-481059d14470
https://github.com/projectworldsofficial/hospital-management-system-in-php Product,Third Party Advisory
https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/1 Exploit,Issue Tracking,Third Party Advisory
https://medium.com/%40shubhamvpandey/cve-2021-44095-481059d14470

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-44095, you might also want to check these: