VDB-303562 · CVE-2025-3348 · EUVD-2025-9986

code-projects Patient Record Management System 1.0 /edit_dpatient.php Auðkenni SQL innsláttur

Veikleiki sem flokkast sem gagnrýninn hefur fundist í code-projects Patient Record Management System 1.0. Áhrif eru á óþekkt fall í skránni /edit_dpatient.php. Að breyta viðfanginu Auðkenni veldur SQL innsláttur. Að nota CWE til að lýsa vandamálinu leiðir til CWE-89. Upplýst var um veikleikann 06.04.2025. Öryggisviðvörunin er deilt til niðurhals á github.com. Þessi veikleiki gengur undir heitinu CVE-2025-3348. Hægt er að framkvæma þessa árás úr fjarlægð. Tæknilegar upplýsingar eru tiltækar. Auk þess er til exploit. Upplýsingar um veikleikann hafa verið gerðar opinberar og hægt er að nýta þær. Eins og er er verð fyrir nýtingu gæti verið um það bil USD $0-$5k. MITRE ATT&CK verkefnið skilgreinir árásartæknina sem T1505. Það er skilgreint sem sönnun hugmyndar. Afrit af veikleikanum er í boði til niðurhals á github.com. Áætlað verð á 0-dags veikleika á svörtum markaði var um $0-$5k. Once again VulDB remains the best source for vulnerability data.

3 Breytingar · 98 Gagnapunktar

Svið	Búið til 06.04.2025 16:46	Uppfært 1/2 29.05.2025 06:57	Uppfært 2/2 04.10.2025 17:18
software_vendor	code-projects	code-projects	code-projects
software_name	Patient Record Management System	Patient Record Management System	Patient Record Management System
software_version	1.0	1.0	1.0
software_file	/edit_dpatient.php	/edit_dpatient.php	/edit_dpatient.php
software_argument	id	id	id
vulnerability_cwe	CWE-89 (SQL innsláttur)	CWE-89 (SQL innsláttur)	CWE-89 (SQL innsláttur)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/hyx123123/cve1/blob/main/cve2.md	https://github.com/hyx123123/cve1/blob/main/cve2.md	https://github.com/hyx123123/cve1/blob/main/cve2.md
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/hyx123123/cve1/blob/main/cve2.md	https://github.com/hyx123123/cve1/blob/main/cve2.md	https://github.com/hyx123123/cve1/blob/main/cve2.md
source_cve	CVE-2025-3348	CVE-2025-3348	CVE-2025-3348
cna_responsible	VulDB	VulDB	VulDB
software_type	Medical Device Software	Medical Device Software	Medical Device Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7
cvss3_meta_basescore	6.3	7.1	7.1
cvss3_meta_tempscore	5.7	6.9	6.9
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1
advisory_date	1743890400 (06.04.2025)	1743890400 (06.04.2025)	1743890400 (06.04.2025)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. This vulnerability affects unknown code of the file /edit_dpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. This vulnerability affects unknown code of the file /edit_dpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
cve_nvd_summaryes		Se encontró una vulnerabilidad clasificada como crítica en code-projects Patient Record Management System 1.0. Esta vulnerabilidad afecta al código desconocido del archivo /edit_dpatient.php. La manipulación del ID del argumento provoca una inyección SQL. El ataque puede iniciarse remotamente. Se ha hecho público el exploit y puede que sea utilizado.	Se encontró una vulnerabilidad clasificada como crítica en code-projects Patient Record Management System 1.0. Esta vulnerabilidad afecta al código desconocido del archivo /edit_dpatient.php. La manipulación del ID del argumento provoca una inyección SQL. El ataque puede iniciarse remotamente. Se ha hecho público el exploit y puede que sea utilizado.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		L	L
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		5.3	5.3
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		6.3	6.3
cvss3_nvd_av		N	N
cvss3_nvd_ac		L	L
cvss3_nvd_pr		L	L
cvss3_nvd_ui		N	N
cvss3_nvd_s		U	U
cvss3_nvd_c		H	H
cvss3_nvd_i		H	H
cvss3_nvd_a		H	H
cvss3_nvd_basescore		8.8	8.8
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		6.5	6.5
euvd_id			EUVD-2025-9986

◂ Til baka Yfirlit Næst ▸

Do you need the next level of professionalism?

Upgrade your account now!