SQL Injection Vulnerability in Clinic’s Patient Management System by SourceCodester
CVE-2025-3096

9.3CRITICAL

Key Information:

Vendor: Sourcecodester
Status: Clinic's Patient Management System
Vendor: CVE Published:; 1 April 2025

Summary

The Patient Management System by SourceCodester, specifically version 2.0, has been identified with a SQL injection vulnerability. Attackers can exploit this flaw through the login page, allowing unauthorized access to the system’s database. This could lead to data leakage or manipulation, compromising patient data security and system integrity.

Affected Version(s)

Clinic's Patient Management System 2.0

References

https://www.sourcecodester.com/php-clinics-patient-manage...

product

https://www.cve.org/CVERecord?id=CVE-2022-2297

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 1, 2025