SQL Injection Vulnerability in SourceCodester Health Center Patient Record Management System
CVE-2025-5376
Key Information:
- Vendor
Sourcecodester
- Vendor
- CVE Published:
- 31 May 2025
Badges
What is CVE-2025-5376?
A security flaw has been identified in the SourceCodester Health Center Patient Record Management System version 1.0. The vulnerability arises from improper handling of the 'itr_no' argument in the '/patient.php' file, permitting attackers to execute malicious SQL queries. This SQL Injection vulnerability can be exploited remotely, potentially compromising sensitive patient data. The exploit has been publicly disclosed, highlighting the necessity for immediate security measures to mitigate the risks associated with this vulnerability.
Affected Version(s)
Health Center Patient Record Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved