A new vulnerability, CVE-2021-35387, has been discovered that affects Hospital Management System (HMS) version 4. The vulnerability lies in the 'view-patient.php' administration file and allows attackers to perform unauthorized SQL Injection attacks against the target system. In this post, we discuss the details of this vulnerability, including the code snippet where the flaw resides, the original references, and the procedure used to exploit it.

Description of the Vulnerability

Hospital Management System (HMS) is a popular web application for managing hospitals and patient records. Unfortunately, the application suffers from a critical SQL Injection vulnerability, which attackers can exploit to gain unauthorized access to sensitive patient data.

The vulnerability exists in the 'admin/view-patient.php' file, allowing an attacker to craft a malicious SQL query and manipulate the target system's database. This could result in exposure of confidential information, unauthorized data modification, and even complete system takeover.

The SQL Injection vulnerability lies in the following code snippet from 'admin/view-patient.php':

...
$id = intval($_GET['id']);                                         // sanitised copy: cast to an integer, but never used below
$sql = "SELECT * from tblpatients where ID= '".$_GET['id']."'";   // raw $_GET['id'] concatenated straight into the SQL text
$query = $dbh->prepare($sql);                                      // $sql contains no placeholder, so prepare() cannot protect it
$query->bindParam(':id', $id, PDO::PARAM_STR);                     // binds to a ':id' that does not exist in the query
$query->execute();
$results = $query->fetchAll(PDO::FETCH_OBJ);
...

As the snippet shows, 'view-patient.php' concatenates the raw '$_GET['id']' value straight into the SQL string without any filtering. The integer produced by intval() and stored in '$id' is never used in the query, and the ':id' placeholder that bindParam() refers to is not present in the SQL text, so the prepared statement provides no protection at all. An attacker who controls the 'id' parameter therefore controls part of the query that reaches the database.

Details of this vulnerability can be found in the following sources:

1. CVE Official Entry: MITRE provides a brief description and supports the risk assessment.

2. National Vulnerability Database (NVD): The NVD contains additional information about this vulnerability and supports vulnerability impact scoring.

3. Exploit Database: The Exploit Database provides a detailed analysis of the vulnerability, along with a specific exploit to demonstrate the vulnerability on target systems.

How to Exploit the Vulnerability

To exploit this vulnerability, an attacker can use an SQL Injection tool to test the target system and craft a malicious SQL query that targets the 'admin/view-patient.php' file. For instance, the attacker could craft a URL similar to the following example:

http://example.com/hospital/hms/admin/view-patient.php?id=1'; or '1'='1

This crafted URL would inject a malicious SQL query into the target system's database, bypassing any authentication and allowing unauthorized access to sensitive patient data.

To mitigate the risk of this vulnerability being exploited, it is crucial to apply the following countermeasures:

1. Update the Hospital Management System to the latest version or apply any available security patches.

2. Filter user input and escape database queries, using prepared statements or parameterized queries to prevent SQL Injection attacks.
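The following is an added example, not code from the HMS project, showing how the 'admin/view-patient.php' lookup quoted above would look once countermeasure 2 is applied: the raw parameter is validated as an integer first, and the ':id' placeholder is actually present in the SQL so PDO binds the value instead of interpolating it. The function name lookupPatient, the in-memory SQLite table and the two patient rows are constructed for the demonstration; in the application, $dbh is the existing PDO handle and tblpatients is the real table (assumed to have an integer ID column).

```php
<?php
// Added example, not the HMS project's code: hardened replacement for the
// admin/view-patient.php lookup, wrapped in a function so it can be exercised
// against a constructed in-memory SQLite database.

function lookupPatient(PDO $dbh, $rawId): array
{
    // Validate first: accept only a plain positive integer. Anything else,
    // including the quoted payload from the write-up above, is rejected here
    // and never reaches the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('Invalid patient id');
    }

    // The placeholder :id is genuinely part of the SQL text, so the value is
    // sent to the driver separately from the statement and cannot be parsed as SQL.
    $query = $dbh->prepare('SELECT * FROM tblpatients WHERE ID = :id');
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute();
    return $query->fetchAll(PDO::FETCH_OBJ);
}

// Constructed demo data: an in-memory SQLite table standing in for tblpatients.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE tblpatients (ID INTEGER PRIMARY KEY, PatientName TEXT)');
$dbh->exec("INSERT INTO tblpatients VALUES (1, 'Alice Example'), (2, 'Bob Example')");

// A well-formed request returns exactly the one matching record.
$rows = lookupPatient($dbh, '1');
echo count($rows), " row(s) for id=1: ", $rows[0]->PatientName, PHP_EOL;

// The malformed id from the write-up is refused before any SQL is built.
try {
    lookupPatient($dbh, "1'; or '1'='1");
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```

In the page itself the call would be `lookupPatient($dbh, $_GET['id'] ?? '')`, with the exception mapped to an HTTP 400 response rather than echoed.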

Conclusion

The CVE-2021-35387 vulnerability in the 'admin/view-patient.php' file of the Hospital Management System v4. poses a significant risk to sensitive patient data. It is critical to follow the recommended countermeasures to protect patient information, maintain confidentiality, and safeguard hospital systems.

Timeline

Published on: 10/28/2022 15:15:00 UTC
Last modified on: 10/28/2022 18:31:00 UTC