Cybersecurity specialists report the discovery of a critical vulnerability in Medisol, a medical services management system developed by the technology firm Codester. The manufacturer has yet to address the flaw, so exploitation in the wild is a concern.

According to the report, the security flaw exists due to insufficient sanitization of user-supplied data in the “Password” parameter. Remote threat actors can send specially crafted requests to the affected application to run arbitrary SQL commands against its database. The flaw has not yet received a CVE identifier.

The vulnerability received a Common Vulnerability Scoring System (CVSS) score of 9/10, and its successful exploitation would allow malicious hackers to read, modify or even delete data in an affected database.

This flaw resides in Medisol Doctors Patients Management System v1.0 and there are no security patches. Importantly, the flaw can be remotely triggered by unauthenticated threat actors, although no active exploitation attempts have been detected so far.

The post Zero day vulnerability in Codester Medisol, a doctors’ patient management system appeared first on Information Security Newspaper | Hacking News.
