SQL Injection Vulnerability in Patient Record Management System by code-projects
CVE-2025-4021
Key Information:
- Vendor
Code-projects
- Vendor
- CVE Published:
- 28 April 2025
Badges
What is CVE-2025-4021?
A security flaw exists within the Patient Record Management System 1.0, specifically in the file /edit_spatient.php, which allows for SQL injection through manipulation of the ID argument. This vulnerability can be exploited remotely, potentially leading to unauthorized access to the database. Public disclosure of this exploit raises concerns for users, highlighting the importance of immediate attention to system updates and patches.
Affected Version(s)
Patient Record Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved