A critical SQL Injection vulnerability has been identified in the login functionality of code-projects Online Medicine Guide 1.0. This flaw allows an unauthenticated attacker to bypass login controls and potentially gain full access to the application's underlying database, leading to a complete compromise of system data and integrity.

The application is vulnerable to SQL Injection via the upass parameter on the /login.php page. An unauthenticated remote attacker can submit a specially crafted SQL query in the password field of the login form. Because the application fails to properly sanitize this input, the malicious query is executed directly by the database, which can allow the attacker to bypass authentication, exfiltrate sensitive data, modify or delete database records, and potentially achieve remote code execution on the underlying server.

This vulnerability is rated as critical severity with a CVSS score of 9.8, posing a significant and immediate threat to the organization. Successful exploitation could lead to a severe data breach, exposing sensitive user information, medical guide data, and administrative credentials. The business risks include unauthorized access to the entire system, loss of data integrity, significant reputational damage, and potential legal or regulatory penalties if sensitive personal or health information is compromised.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately. Identify all instances of the affected software and upgrade "Unknown Multiple Products" to the latest patched version. After patching, it is crucial to review access logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Implement enhanced monitoring of web server and database logs. Specifically, look for suspicious requests to /login.php containing SQL syntax (e.g., ', UNION, SELECT, --, SLEEP()) in the upass parameter. Monitor for unusual database queries, unexpected database user activity, or large data egress from the database server.

Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block SQL Injection attacks. Configure WAF rules to scrutinize the upass parameter on the /login.php endpoint. Additionally, ensure the database user account has minimum necessary privileges to limit the impact of a potential breach.

Public Exploit Available: true

Given the critical CVSS score of 9.8 and the ease of exploitation, this vulnerability requires immediate attention. We strongly recommend that all affected systems be patched without delay. Organizations should treat this vulnerability with the highest priority, similar to a CISA KEV-listed vulnerability, due to the high probability of exploitation and the severe potential impact. If patching is delayed, the implementation of a WAF and proactive monitoring are critical to mitigate the immediate risk.