### Key Information

- **Vulnerability Title**: SourceCodester Eye Clinic Management System V1.0 SQL Injection
- **Description**:
  - During a security review of "Eye Clinic Management System in PHP With Source Code", WeQi discovered a critical SQL injection vulnerability in the file `/main/search_index_Diagnosis.php`.
  - The vulnerability arises from insufficient validation of user input supplied in the `search` parameter, which is used to build a SQL query; an attacker who controls that parameter can inject SQL into the query.
  - By exploiting it, an attacker can gain unauthorized access to the database, read sensitive information, and modify or delete data.
  - Immediate remediation is required to ensure system security and protect data integrity.
- **Cause**:
  - The value of the `search` parameter is placed into a SQL query without proper sanitization, validation, or parameterization.
  - An attacker can therefore craft input that changes the structure and logic of the query and performs operations the application never intended.
- **Impact**:
  - Successful exploitation allows unauthorized database access, sensitive data exposure, and data tampering; depending on the privileges of the database account and the server configuration, it may also lead to broader compromise of the system or to service disruption, posing a serious threat to system security and business continuity.
- **Source**: https://github.com/WHOAMI-xiaoyu/CVE/blob/main/CVE_3.md
- **Submitter**: WeQi (UID 81525)
- **Submission Time**: August 24, 2025, 04:47 PM
- **Review Time**: August 31, 2025, 07:19 PM
- **Status**: Accepted
- **VulDB Entry**: 232671 [SourceCodester Eye Clinic Management System 1.0 search_index_Diagnosis.php Search sql injection]
- **Points**: 20
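The cause and the remediation called for above, shown side by side as an added illustration written for this page (this is not the project's code and does not reproduce `search_index_Diagnosis.php`; the table name `diagnosis`, the column `diagnosis_name`, the function names, and the use of mysqli for the vulnerable variant and PDO for the hardened one are all assumptions):

```php
<?php
// Added example, not code from the Eye Clinic Management System.
// Schema (table `diagnosis`, column `diagnosis_name`) is assumed.

// --- Vulnerable pattern: the `search` parameter is concatenated into the SQL string ---
function searchDiagnosisVulnerable(mysqli $db, string $search): array
{
    // Input such as  %' OR '1'='1  closes the quoted literal and rewrites the
    // WHERE clause; with UNION or stacked queries the attacker reads other tables.
    $sql = "SELECT * FROM diagnosis WHERE diagnosis_name LIKE '%" . $search . "%'";
    $result = $db->query($sql);
    return $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

// --- Hardened pattern: bounded input, parameterised query, LIKE wildcards escaped ---
function searchDiagnosisSafe(PDO $db, string $search): array
{
    // Bound the length so the parameter cannot be used for oversize or abusive searches.
    if (strlen($search) > 100) {
        throw new InvalidArgumentException('search term too long');
    }

    // Parameter binding keeps the value out of the SQL grammar entirely, but LIKE
    // still interprets % and _ inside the bound value, so escape them with an
    // explicit ESCAPE character ('!' is used here to avoid backslash quoting rules).
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $search);

    $stmt = $db->prepare(
        "SELECT id, diagnosis_name FROM diagnosis WHERE diagnosis_name LIKE :term ESCAPE '!'"
    );
    $stmt->bindValue(':term', '%' . $escaped . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage as it would appear in a request handler (connection details are placeholders):
// $pdo = new PDO(
//     'mysql:host=localhost;dbname=eye_clinic;charset=utf8mb4',
//     $dbUser,
//     $dbPass,
//     [
//         PDO::ATTR_EMULATE_PREPARES => false,            // real server-side prepared statements
//         PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//     ]
// );
// $rows = searchDiagnosisSafe($pdo, $_GET['search'] ?? '');
```

The essential change is that the user-supplied value never becomes part of the SQL text; it travels to the server as a bound parameter, so quote characters in it cannot terminate the literal. Disabling emulated prepares and declaring the connection charset are worth keeping as well, since they close the remaining driver-side edge cases where a client-side escape can be confused by multibyte input.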