CVE-2023-41527

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Hospital Management System v4 allows attackers to execute arbitrary SQL commands through the password2 parameter. Attackers can potentially access, modify, or delete sensitive hospital data including patient records. All deployments of Hospital Management System v4 are affected.

💻 Affected Systems

Products:
  • Hospital Management System
Versions: Version 4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires no special configuration to be exploitable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to theft of all patient medical records, financial data, and administrative credentials, potentially enabling ransomware deployment across the entire system.

🟠 Likely Case

Unauthorized access to patient records and administrative data, credential theft, and potential data manipulation affecting patient care.

🟢 If Mitigated

Limited data exposure if proper input validation and database permissions are implemented, though system integrity remains at risk.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in a publicly accessible parameter and requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Implement parameterized queries and input validation in func.php.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all

Add input validation and parameterized queries to the password2 parameter handling in func.php.

Modify func.php to use prepared statements: $stmt = $conn->prepare('SELECT * FROM users WHERE password2 = ?'); $stmt->bind_param('s', $password2);
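The prepared-statement change above, as a complete added example (this is not the project's func.php and not code from the advisory): the string-concatenation pattern that makes the injection possible, next to the hardened lookup with input validation in front of it. The mysqli connection $conn, the users table and password2 column (taken from the advisory's snippet), and the 64-character length limit are assumptions.

```php
<?php
// Added example, not the project's own func.php: a password2 lookup written
// two ways. lookupVulnerable() shows the concatenation pattern behind
// CVE-2023-41527; lookupHardened() is the prepared-statement replacement the
// advisory recommends, with input validation in front of it.
// Assumptions: a mysqli connection $conn, a table `users` with a column
// `password2`, and a maximum length of 64 for the parameter (hypothetical).
// Requires PHP 8 (union return type, str_contains) and mysqlnd (get_result).

declare(strict_types=1);

const PASSWORD2_MAX_LEN = 64; // assumed limit; align with the real schema

// Vulnerable: user input is spliced straight into the SQL text, so a value
// such as  ' OR '1'='1  rewrites the WHERE clause instead of being compared.
function lookupVulnerable(mysqli $conn, string $password2): mysqli_result|false
{
    $sql = "SELECT * FROM users WHERE password2 = '" . $password2 . "'";
    return $conn->query($sql);
}

// Hardened: reject implausible input first, then bind the value as a
// parameter so the driver sends it as data, never as SQL.
function lookupHardened(mysqli $conn, string $password2): ?array
{
    if ($password2 === '' || strlen($password2) > PASSWORD2_MAX_LEN) {
        return null;                      // fail closed on bad input
    }
    if (!mb_check_encoding($password2, 'UTF-8')) {
        return null;                      // reject malformed byte sequences
    }

    $stmt = $conn->prepare('SELECT * FROM users WHERE password2 = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }
    $stmt->bind_param('s', $password2);  // 's' = string; no manual quoting
    $stmt->execute();
    $result = $stmt->get_result();
    $row = $result ? $result->fetch_assoc() : null;
    $stmt->close();
    return $row ?: null;                 // null when no row matched
}

// Usage: with the hardened version the advisory's payload is compared as a
// literal string and matches no row.
// $row = lookupHardened($conn, $_POST['password2'] ?? '');
```

The hardened function keeps the query shape from the advisory's snippet so the change is easy to map onto func.php; the validation step is there because binding alone stops injection but does not reject oversized or malformed input that the rest of the application may not expect.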

Web Application Firewall (WAF)

Applies to: all

Deploy a WAF with SQL injection protection rules.

🧯 If You Can't Patch

  • Isolate the Hospital Management System from internet access and restrict internal network access
  • Implement strict database permissions and monitor for unusual SQL queries

🔍 How to Verify

Check if Vulnerable:

Test the password2 parameter with SQL injection payloads like ' OR '1'='1 in the login or password reset functionality

Check Version:

Check the system version in the admin panel or configuration files

Verify Fix Applied:

Attempt SQL injection attacks against the password2 parameter and verify they are blocked or sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts with SQL-like patterns in password2 parameter

Network Indicators:

  • HTTP requests containing SQL keywords in password2 parameter
  • Unusual database connection patterns

SIEM Query:

source="web_logs" AND (password2 CONTAINS "' OR" OR password2 CONTAINS "UNION" OR password2 CONTAINS "SELECT *")
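The SIEM query above, as an added log-side check that is not part of the advisory: it pulls the password2 value out of a web access-log line, URL-decodes it, and tests it against the same three patterns. The decoding step matters because payloads usually arrive encoded (for example %27+OR), so matching the raw log text would miss them. The log lines are constructed for the example and the path /reset.php is an assumption.

```php
<?php
// Added example, not from the advisory or the project: a PHP port of the
// SIEM query applied to access-log lines. The sample lines are constructed.
// Requires PHP 8 (str_contains).

declare(strict_types=1);

// The three patterns from the advisory's SIEM query, matched after decoding.
const PASSWORD2_PATTERNS = ["' OR", 'UNION', 'SELECT *'];

/** Return the URL-decoded password2 value from a log line, or null. */
function extractPassword2(string $logLine): ?string
{
    // The request target sits inside the quotes of "GET /path?query HTTP/1.1".
    if (!preg_match('/"(?:GET|POST)\s+(\S+)\s+HTTP\/[\d.]+"/', $logLine, $m)) {
        return null;
    }
    $query = parse_url($m[1], PHP_URL_QUERY);
    if (!is_string($query)) {
        return null;                       // no query string at all
    }
    parse_str($query, $params);            // parse_str URL-decodes values
    $value = $params['password2'] ?? null;
    return is_string($value) ? $value : null;
}

/** True when the decoded password2 value matches any SIEM pattern. */
function isSuspiciousPassword2(string $logLine): bool
{
    $value = extractPassword2($logLine);
    if ($value === null) {
        return false;
    }
    $upper = strtoupper($value);           // case-insensitive keyword match
    foreach (PASSWORD2_PATTERNS as $needle) {
        if (str_contains($upper, strtoupper($needle))) {
            return true;
        }
    }
    return false;
}

// Constructed sample lines: a normal reset request, an encoded injection
// attempt, and a request that carries no password2 parameter.
$samples = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /reset.php?password2=Winter2024 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /reset.php?password2=%27+OR+%271%27%3D%271 HTTP/1.1" 200 8120',
    '10.0.0.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 301',
];

foreach ($samples as $line) {
    echo (isSuspiciousPassword2($line) ? 'ALERT ' : 'ok    '), $line, PHP_EOL;
}
```

One caveat for the log indicators above: a standard access log records only the request line, so a password2 value sent in a POST body never appears there. For login or password-reset forms that submit by POST, the value has to come from application-level logging or the WAF, which is where the same three patterns should be applied.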
