SQL Injection Vulnerability in Clinic’s Patient Management System by SourceCodester
CVE-2025-3096

9.3CRITICAL

Key Information:

Vendor: Sourcecodester
Status: Clinic's Patient Management System
Vendor: CVE Published:; 1 April 2025

🔔 Create Sourcecodester Vulnerability Alert

What is CVE-2025-3096?

The Patient Management System by SourceCodester, specifically version 2.0, has been identified with a SQL injection vulnerability. Attackers can exploit this flaw through the login page, allowing unauthorized access to the system’s database. This could lead to data leakage or manipulation, compromising patient data security and system integrity.

Affected Version(s)

Clinic's Patient Management System 2.0

References

https://www.sourcecodester.com/php-clinics-patient-manage...

product

https://www.cve.org/CVERecord?id=CVE-2022-2297

EPSS Score

27% chance of being exploited in the next 30 days.

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2025