Hospital Bed Management System
Monthly
SQL injection in the Login Form of code-projects Hospital Bed Management System 1.0 exposes unauthenticated remote attackers to database manipulation via the Username parameter. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms trivial, unauthenticated network exploitation with no user interaction, and the E:P modifier reflects a publicly available proof-of-concept on Gitee. While not listed in CISA KEV, the low barrier to exploitation combined with a public POC elevates practical urgency for any organization running this software, despite the product's niche footprint.
SQL injection in the Login Form of code-projects Hospital Bed Management System 1.0 exposes unauthenticated remote attackers to database manipulation via the Username parameter. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms trivial, unauthenticated network exploitation with no user interaction, and the E:P modifier reflects a publicly available proof-of-concept on Gitee. While not listed in CISA KEV, the low barrier to exploitation combined with a public POC elevates practical urgency for any organization running this software, despite the product's niche footprint.