Cybersecurity specialists report the discovery of a critical vulnerability in Medisol, a medical services management system developed by the technology firm Codester. The flaw has yet to be addressed by the manufacturer, so a potential attack in the wild is feared.
According to the report, the security flaw exists due to the inappropriate user-supplied data debugging in the “Password” parameter. Remote threat actors can send specially crafted requests to the affected application aiming to run arbitrary SQL commands within the target application database. The flaw has not yet received a CVE tracking key.
The vulnerability received a Common Vulnerability Scoring System (CVSS) of 9/10 and its successful exploitation would allow malicious hackers to read, modify or even delete data in an affected database.
This flaw resides in Medisol Doctors Patients Management System v1.0 and there are no security patches. Importantly, the flaw can be remotely triggered by unauthenticated threat actors, although no active exploitation attempts have been detected so far.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.