Cybersecurity specialists report the discovery of a critical vulnerability in Medisol, a medical services management system developed by the technology firm Codester. The flaw has yet to be addressed by the manufacturer, so a potential attack in the wild is feared.
According to the report, the flaw exists because user-supplied data in the “Password” parameter is not properly sanitized. Remote threat actors can send specially crafted requests to the affected application to run arbitrary SQL commands against its database. The flaw has not yet been assigned a CVE identifier.
The vulnerability received a Common Vulnerability Scoring System (CVSS) score of 9/10, and successful exploitation would allow malicious hackers to read, modify or even delete data in an affected database.
This flaw resides in Medisol Doctors Patients Management System v1.0 and there are no security patches. Importantly, the flaw can be remotely triggered by unauthenticated threat actors, although no active exploitation attempts have been detected so far.
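The class of flaw described above, where the value of a “Password” parameter ends up inside the SQL text, is shown here beside a hardened form. This is an added example, not Medisol's code; the table schema, function names and sample account are constructed assumptions.

```python
import hashlib, hmac, os, sqlite3

def make_db():
    """Constructed in-memory table; the schema is an assumption, not Medisol's."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, "
               "salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"s3cret-pass", salt, 100_000)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("dr_smith", "s3cret-pass", salt, pw_hash))
    return db

def login_vulnerable(db, username, password):
    # Flawed pattern: the Password value is pasted into the SQL text, so
    # quote characters in it are parsed as SQL syntax instead of data.
    sql = ("SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return db.execute(sql).fetchone() is not None

def login_hardened(db, username, password):
    # Bound parameter: the driver passes the value separately from the SQL text.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # The password never reaches the database; it is hashed and compared here
    # in constant time against the stored salted hash.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL quote characters
    for name, fn in (("vulnerable", login_vulnerable), ("hardened", login_hardened)):
        print(name, "correct password:", fn(db, "dr_smith", "s3cret-pass"))
        print(name, "crafted password:", fn(db, "dr_smith", crafted))
```

In the hardened form the only value bound into the query is the username, so no content of the password field can change what the database executes.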