This vulnerability in mojoomla Hospital Management System arises from improper neutralization of special elements used in SQL commands, enabling SQL Injection attacks. It affects versions up to and including 47.0 (20-11-2023). The CVSS 3.1 score of 9.3 reflects a critical severity with network attack vector, low attack complexity, no privileges or user interaction needed, and a scope change. The impact includes high confidentiality loss and low availability impact. No vendor advisory or patch information is provided, and the product is not a cloud service.

Successful exploitation could allow an unauthenticated attacker to execute arbitrary SQL commands on the backend database, potentially leading to unauthorized disclosure of sensitive information (confidentiality impact is high) and partial disruption of service (availability impact is low). Integrity impact is not indicated. No known exploits have been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider implementing application-level input validation and use of parameterized queries as temporary mitigations. Monitor vendor channels for updates and apply official patches promptly once released.