CVE-2025-63497

High CVSS: 7.1

The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. The pat_number GET parameter is directly concatenated into SQL queries without proper sanitization, allowing authenticated attackers (doctor role) to execute arbitrary SQL queries.

Vendor

Rickxy

Product

Hospital Management System

CWE

CWE-89

Yayın Tarihi

2025-11-10 17:15:35

Güncelleme

2025-12-11 23:30:48

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Hospital Management System HIGH Rickxy 2025

Referanslar

https://github.com/cristibtz/security-research/blob/main/CVE-2025-63497/report.md https://github.com/cristibtz/security-research/tree/main/rickxy-Hospital-Management-System

Benzer Kayıtlar

Medium

CVE-2025-70062

PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor…

Medium

CVE-2025-70063

The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference…

High

CVE-2025-70064

PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient…

Medium

CVE-2026-2179

A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the fil…

Medium

CVE-2026-2134

A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unkn…

Medium

CVE-2026-1550

A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown…