SQL Injection Vulnerability in Campcodes Online Hospital Management System by Campcodes
CVE-2025-63719

7.3HIGH

Key Information:

Vendor

Campcodes

Status
Campcodes Online Hospital Management System
Vendor
CVE Published:
19 November 2025

What is CVE-2025-63719?

The Campcodes Online Hospital Management System version 1.0 is exposed to an SQL Injection vulnerability in the /admin/index.php file. This security flaw allows attackers to manipulate SQL queries via the 'username' parameter, potentially leading to unauthorized access to sensitive data. Organizations using this software should implement immediate measures to secure their systems against this risk.

References

https://github.com/Pei4AN/CVE/issues/6

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-63719 : SQL Injection Vulnerability in Campcodes Online Hospital Management System by Campcodes