CVE-2025-3211

Опубликовано: 04 апр. 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 7.5

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /birthing_print.php. The manipulation of the argument itr_no/birth_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://code-projects.org/
Product
https://github.com/codinglosser/cve/blob/main/README.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.303165
Permissions Required
VDB Entry
https://vuldb.com/?id.303165
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.545964
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fabianros:patient_record_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00138

Низкий

6.3 Medium

CVSS3

7.5 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

CWE-89

Связанные уязвимости

GHSA-9gmr-vw8q-4xjq

CVSS3: 6.3

github

10 месяцев назад

A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /birthing_print.php. The manipulation of the argument itr_no leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 34%

0.00138

Низкий

6.3 Medium

CVSS3

7.5 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

CWE-89