SQL Injection Vulnerability in Patient Record Management System by code-projects
CVE-2025-3304

5.3MEDIUM

Key Information:

Vendor

Code-projects

Status
Patient Record Management System
Vendor
CVE Published:
5 April 2025

Badges

👾 Exploit Exists

What is CVE-2025-3304?

A SQL Injection vulnerability has been identified in the Patient Record Management System 1.0, specifically in the /dental_not.php file. By manipulating the 'itr_no' argument, an attacker can execute arbitrary SQL code, potentially exposing sensitive data. This vulnerability can be exploited remotely, which increases its severity. Once publically disclosed, it poses a significant risk to the system, emphasizing the need for immediate patches and security measures to protect user data.

Affected Version(s)

Patient Record Management System 1.0

References

https://vuldb.com/?id.303501
vdb-entrytechnical-description
https://vuldb.com/?ctiid.303501
signaturepermissions-required
https://vuldb.com/?submit.549645
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

hyfhacker (VulDB User)
hyfhacker (VulDB User)
.