Cybersecurity specialists report the discovery of a critical vulnerability in Medisol, a medical services management system developed by the technology firm Codester. The vendor has not yet addressed the flaw, so exploitation in the wild is feared.

According to the report, the flaw exists because user-supplied data in the “Password” parameter is not properly sanitized. Remote threat actors can send specially crafted requests to the affected application to run arbitrary SQL commands against the application's database. The flaw has not yet been assigned a CVE identifier.

The vulnerability received a Common Vulnerability Scoring System (CVSS) score of 9/10, and successful exploitation would allow malicious hackers to read, modify or even delete data in an affected database.

The flaw resides in Medisol Doctors Patients Management System v1.0, and no security patches are available. Importantly, the flaw can be triggered remotely by unauthenticated threat actors, although no active exploitation attempts have been detected so far.

The post Zero day vulnerability in Codester Medisol, a doctors’ patient management system appeared first on Information Security Newspaper | Hacking News.
