CVE-2025-63512

Medium CVSS: 6.5

kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor logic. The application fails to properly sanitize or parameterize user-supplied input from the demail parameter before incorporating it directly into a dynamic SQL query.

Vendor

Kishan0725

Product

Hospital Management System

CWE

CWE-89

Yayın Tarihi

2025-11-18 17:16:09

Güncelleme

2025-11-20 21:58:59

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Hospital Management System MEDIUM Kishan0725 2025

Referanslar

https://github.com/NicatAliyevh/Zero-Days/blob/main/Hospital_Management_System_SQL2.md

Benzer Kayıtlar

Medium

CVE-2025-63514

kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email para…

Medium

CVE-2025-63513

kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment…

Critical

CVE-2023-41525

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter…

Critical

CVE-2023-41526

Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the user…

Critical

CVE-2023-41527

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in fun…

Critical

CVE-2023-41528

Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the tx…