VDB-311323 · CVE-2025-5779 · GCVE-100-311323

code-projects Patient Record Management System 1.0 /birthing.php itr_no/comp_id एसक्यूएल इंजेक्शन

एक दुर्बलता जी गंभीर म्हणून ओळखली गेली आहे, ती code-projects Patient Record Management System 1.0 मध्ये सापडली आहे. संबंधित आहे अज्ञात फंक्शन फाइल /birthing.php च्या. सॉफ्टवेअरमध्ये itr_no/comp_id या आर्ग्युमेंटमध्ये केलेली प्रक्रिया एसक्यूएल इंजेक्शन ला कारणीभूत ठरते. CWE द्वारे समस्या जाहीर केल्यास CWE-89 येथे पोहोचता येते. ही दुर्बलता प्रकाशित झाली होती 06/06/2025. github.com या ठिकाणी सल्ला डाउनलोडसाठी उपलब्ध आहे. ही त्रुटी CVE-2025-5779 म्हणून वर्गीकृत केली आहे. हा हल्ला रिमोटली सुरू करता येऊ शकतो. तांत्रिक माहिती उपलब्ध आहे. यासाठी एक एक्स्प्लॉइट उपलब्ध आहे. शोषणाची माहिती सार्वजनिक करण्यात आली आहे आणि ते वापरले जाऊ शकते. आत्ताच्या क्षणी सुमारे USD $0-$5k असण्याची शक्यता आहे. MITRE ATT&CK प्रकल्प T1505 या हल्ला तंत्रज्ञानाची घोषणा करतो. याला प्रूफ-ऑफ-कॉन्सेप्ट असे घोषित करण्यात आले आहे. शोषण डाउनलोड करण्यासाठी github.com येथे उपलब्ध आहे. 0-डे म्हणून त्याची अंदाजित काळ्या बाजारातील किंमत $0-$5k एवढी होती. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

4 बदल · 98 डेटा पॉइंट्स

शेत	तयार केली 06/06/2025 09:00 AM	अद्ययावत 1/3 07/06/2025 05:10 AM	अद्ययावत 2/3 09/06/2025 02:27 PM	अद्ययावत 3/3 11/06/2025 08:08 AM
software_vendor	code-projects	code-projects	code-projects	code-projects
software_name	Patient Record Management System	Patient Record Management System	Patient Record Management System	Patient Record Management System
software_version	1.0	1.0	1.0	1.0
software_file	/birthing.php	/birthing.php	/birthing.php	/birthing.php
software_argument	itr_no/comp_id	itr_no/comp_id	itr_no/comp_id	itr_no/comp_id
vulnerability_cwe	CWE-89 (एसक्यूएल इंजेक्शन)	CWE-89 (एसक्यूएल इंजेक्शन)	CWE-89 (एसक्यूएल इंजेक्शन)	CWE-89 (एसक्यूएल इंजेक्शन)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/Thiasap/HCPMS_PHP_vulns/blob/main/sql%20injection%20in%20birthing.php.pdf	https://github.com/Thiasap/HCPMS_PHP_vulns/blob/main/sql%20injection%20in%20birthing.php.pdf	https://github.com/Thiasap/HCPMS_PHP_vulns/blob/main/sql%20injection%20in%20birthing.php.pdf	https://github.com/Thiasap/HCPMS_PHP_vulns/blob/main/sql%20injection%20in%20birthing.php.pdf
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/Thiasap/HCPMS_PHP_vulns/blob/main/sql%20injection%20in%20birthing.php.pdf	https://github.com/Thiasap/HCPMS_PHP_vulns/blob/main/sql%20injection%20in%20birthing.php.pdf	https://github.com/Thiasap/HCPMS_PHP_vulns/blob/main/sql%20injection%20in%20birthing.php.pdf	https://github.com/Thiasap/HCPMS_PHP_vulns/blob/main/sql%20injection%20in%20birthing.php.pdf
source_cve	CVE-2025-5779	CVE-2025-5779	CVE-2025-5779	CVE-2025-5779
cna_responsible	VulDB	VulDB	VulDB	VulDB
software_type	Medical Device Software	Medical Device Software	Medical Device Software	Medical Device Software
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3	6.7
cvss3_meta_tempscore	5.7	6.0	6.0	6.5
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1749160800 (06/06/2025)	1749160800 (06/06/2025)	1749160800 (06/06/2025)	1749160800 (06/06/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability has been found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /birthing.php. The manipulation of the argument itr_no/comp_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability has been found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /birthing.php. The manipulation of the argument itr_no/comp_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability has been found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /birthing.php. The manipulation of the argument itr_no/comp_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N	N
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		L	L	L
cvss4_cna_ui		N	N	N
cvss4_cna_vc		L	L	L
cvss4_cna_vi		L	L	L
cvss4_cna_va		L	L	L
cvss4_cna_sc		N	N	N
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		5.3	5.3	5.3
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		L	L	L
cvss3_cna_ui		N	N	N
cvss3_cna_s		U	U	U
cvss3_cna_c		L	L	L
cvss3_cna_i		L	L	L
cvss3_cna_a		L	L	L
cvss3_cna_basescore		6.3	6.3	6.3
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		S	S	S
cvss2_cna_ci		P	P	P
cvss2_cna_ii		P	P	P
cvss2_cna_ai		P	P	P
cvss2_cna_basescore		6.5	6.5	6.5
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad en code-projects Patient Record Management System 1.0, clasificada como crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /birthing.php. La manipulación del argumento itr_no/comp_id provoca una inyección SQL. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.	Se ha encontrado una vulnerabilidad en code-projects Patient Record Management System 1.0, clasificada como crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /birthing.php. La manipulación del argumento itr_no/comp_id provoca una inyección SQL. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				N
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				N
cvss3_nvd_a				N
cvss3_nvd_basescore				7.5

◂ मागील बाजूस सिंहावलोकन पुढील ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!