code-projects Patient Record Management System 1.0 /dental_pending.php ID SQL injection
A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. It affects an unknown function of the file /dental_pending.php. Manipulation of the argument ID leads to SQL injection. Under CWE, the issue is classified as CWE-89. The weakness was published on 06/04/2025. The advisory is available for download at github.com. The vulnerability is tracked as CVE-2025-3347. The attack can be initiated remotely. Technical details are available. Furthermore, an exploit is available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be around USD $0-$5k at the moment. It is declared as proof-of-concept. The exploit can be downloaded at github.com. As a 0-day, the estimated underground price was around $0-$5k.
2 Changes · 97 Data points
| Field | Created 06/04/2025 16:46 | Update 1/1 29/05/2025 06:36 |
|---|---|---|
| software_version | 1.0 | 1.0 |
| software_file | /dental_pending.php | /dental_pending.php |
| software_argument | id | id |
| vulnerability_cwe | CWE-89 (SQL injection) | CWE-89 (SQL injection) |
| vulnerability_risk | 2 | 2 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_e | P | P |
| cvss3_vuldb_rc | R | R |
| advisory_url | https://github.com/hyx123123/cve1/blob/main/README.md | https://github.com/hyx123123/cve1/blob/main/README.md |
| exploit_availability | 1 | 1 |
| exploit_publicity | 1 | 1 |
| exploit_url | https://github.com/hyx123123/cve1/blob/main/README.md | https://github.com/hyx123123/cve1/blob/main/README.md |
| source_cve | CVE-2025-3347 | CVE-2025-3347 |
| cna_responsible | VulDB | VulDB |
| software_type | Medical Device Software | Medical Device Software |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_e | POC | POC |
| cvss2_vuldb_rc | UR | UR |
| cvss4_vuldb_av | N | N |
| cvss4_vuldb_ac | L | L |
| cvss4_vuldb_ui | N | N |
| cvss4_vuldb_vc | L | L |
| cvss4_vuldb_vi | L | L |
| cvss4_vuldb_va | L | L |
| cvss4_vuldb_e | P | P |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_rl | X | X |
| cvss4_vuldb_at | N | N |
| cvss4_vuldb_pr | L | L |
| cvss4_vuldb_sc | N | N |
| cvss4_vuldb_si | N | N |
| cvss4_vuldb_sa | N | N |
| cvss2_vuldb_basescore | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 5.6 | 5.6 |
| cvss3_vuldb_basescore | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 5.7 | 5.7 |
| cvss3_meta_basescore | 6.3 | 7.1 |
| cvss3_meta_tempscore | 5.7 | 6.9 |
| cvss4_vuldb_bscore | 5.3 | 5.3 |
| cvss4_vuldb_btscore | 2.1 | 2.1 |
| advisory_date | 1743890400 (06/04/2025) | 1743890400 (06/04/2025) |
| price_0day | $0-$5k | $0-$5k |
| software_vendor | code-projects | code-projects |
| software_name | Patient Record Management System | Patient Record Management System |
| cve_nvd_summary | A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /dental_pending.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |
| cve_nvd_summaryes | Se ha detectado una vulnerabilidad crítica en code-projects Patient Record Management System 1.0. Esta afecta a una parte desconocida del archivo /dental_pending.php. La manipulación del ID del argumento provoca una inyección SQL. Es posible iniciar el ataque de forma remota. Se ha hecho público el exploit y puede que sea utilizado. | |
| cvss4_cna_av | N | |
| cvss4_cna_ac | L | |
| cvss4_cna_at | N | |
| cvss4_cna_pr | L | |
| cvss4_cna_ui | N | |
| cvss4_cna_vc | L | |
| cvss4_cna_vi | L | |
| cvss4_cna_va | L | |
| cvss4_cna_sc | N | |
| cvss4_cna_si | N | |
| cvss4_cna_sa | N | |
| cvss4_cna_bscore | 5.3 | |
| cvss3_cna_av | N | |
| cvss3_cna_ac | L | |
| cvss3_cna_pr | L | |
| cvss3_cna_ui | N | |
| cvss3_cna_s | U | |
| cvss3_cna_c | L | |
| cvss3_cna_i | L | |
| cvss3_cna_a | L | |
| cvss3_cna_basescore | 6.3 | |
| cvss3_nvd_av | N | |
| cvss3_nvd_ac | L | |
| cvss3_nvd_pr | L | |
| cvss3_nvd_ui | N | |
| cvss3_nvd_s | U | |
| cvss3_nvd_c | H | |
| cvss3_nvd_i | H | |
| cvss3_nvd_a | H | |
| cvss3_nvd_basescore | 8.8 | |
| cvss2_cna_av | N | |
| cvss2_cna_ac | L | |
| cvss2_cna_au | S | |
| cvss2_cna_ci | P | |
| cvss2_cna_ii | P | |
| cvss2_cna_ai | P | |
| cvss2_cna_basescore | 6.5 | |