CVE-2025-9770

Опубликовано: 01 сент. 2025

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A weakness has been identified in Campcodes Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Dashboard Login. This manipulation of the argument Password causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.

Ссылки

https://github.com/Yashh-G/zero-day-research/blob/main/HMS_Admin_Auth_Bypass.pdf
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.322070
Permissions Required
VDB Entry
https://vuldb.com/?id.322070
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.640807
VDB Entry
https://www.campcodes.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:campcodes:hospital_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00038

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

EPSS

Процентиль: 11%

0.00038

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74