SQL Injection Vulnerability in Online Medicine Guide by code-projects
CVE-2025-8497
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 3 August 2025
Badges
What is CVE-2025-8497?
A vulnerability exists in the Online Medicine Guide (version 1.0) by code-projects that enables remote attackers to perform SQL injection through the manipulation of the 'Search' parameter in the /cusfindphar2.php file. This flaw allows attackers to execute arbitrary SQL commands, potentially compromising the integrity of the database and exposing sensitive data. Given that public exploits have been disclosed, it is crucial for users to assess their systems for this vulnerability and apply necessary patches or mitigations.
Affected Version(s)
Online Medicine Guide 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved