SQL Injection Vulnerability in Online Medicine Guide by Code-Projects
CVE-2025-8441
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 1 August 2025
Badges
What is CVE-2025-8441?
A SQL injection vulnerability exists in the Online Medicine Guide version 1.0, specifically in the unknown function of the file /pharsignup.php. By manipulating the 'phuname' argument, an attacker can execute malicious SQL commands, enabling remote exploitation of the system. Public disclosure of this exploit means that affected systems are at risk of unauthorized data access and modifications. It is crucial for users of this software to apply necessary security measures to protect against potential attacks.
Affected Version(s)
Online Medicine Guide 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved