SQL Injection Vulnerability in Patient Record Management System by code-projects
CVE-2025-3304
5.3MEDIUM
What is CVE-2025-3304?
A SQL Injection vulnerability has been identified in the Patient Record Management System 1.0, specifically in the /dental_not.php file. By manipulating the 'itr_no' argument, an attacker can execute arbitrary SQL code, potentially exposing sensitive data. This vulnerability can be exploited remotely, which increases its severity. Once publically disclosed, it poses a significant risk to the system, emphasizing the need for immediate patches and security measures to protect user data.
Affected Version(s)
Patient Record Management System 1.0
References
CVSS V4
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
hyfhacker (VulDB User)
hyfhacker (VulDB User)