EUVD-2025-16905

| CVE-2025-5604 HIGH
2025-06-04 [email protected]
7.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Mar 14, 2026 - 17:29 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 17:29 euvd
EUVD-2025-16905
PoC Detected
Jun 10, 2025 - 15:08 vuln.today
Public exploit code
CVE Published
Jun 04, 2025 - 19:15 nvd
HIGH 7.3

Tags

PHP SQLi Online Hospital Management System

Description

A vulnerability was found in Campcodes Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical SQL injection vulnerability in Campcodes Hospital Management System version 1.0, specifically in the /user-login.php file's Username parameter. This allows unauthenticated remote attackers to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or service disruption. The vulnerability has been publicly disclosed with exploit proof-of-concept available, and poses immediate risk to hospital operations and patient data confidentiality.

Technical Context

The vulnerability exists in a web-based hospital management system written in PHP, specifically in the user authentication module (/user-login.php). The root cause is classified under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component - 'Injection'), which indicates insufficient input validation and sanitization of the Username parameter before incorporation into SQL queries. The application likely constructs dynamic SQL statements by directly concatenating user input without parameterized queries or prepared statements. This is a classic SQL injection flaw where attackers can manipulate SQL syntax to bypass authentication, extract sensitive healthcare data, or modify database records. The affected product is Campcodes Hospital Management System CPE: cpe:2.3:a:campcodes:hospital_management_system:1.0:*:*:*:*:*:*:*

Affected Products

Hospital Management System (['1.0'])

Remediation

Primary - Patch: Update Campcodes Hospital Management System to version 1.1 or later (check vendor for availability). Contact vendor at support channels for emergency security patch if version >1.0 unavailable.; priority: Critical - implement within 24-48 hours Code-Level Fix: Replace dynamic SQL concatenation in /user-login.php with parameterized queries/prepared statements. Example (PHP): Use mysqli_prepare() or PDO prepared statements with placeholders (?) instead of string concatenation for Username parameter. Input Validation: Implement strict whitelist validation for Username parameter - alphanumeric and common characters only, enforce length limits (e.g., 50 chars max), reject special SQL characters (', ", ;, --, /*, */) WAF Mitigation (Temporary): Deploy Web Application Firewall (WAF) rules to block requests containing SQL injection patterns in /user-login.php Username parameter (regex: '|--|/\*|\*/|union|select|drop|insert|update|delete|exec|script') Access Control: Restrict network access to /user-login.php to authorized IP ranges only (e.g., hospital intranet, VPN) pending patch availability Monitoring: Enable query logging and monitor for suspicious SQL patterns in application logs; alert on failed authentication attempts with special characters

Priority Score

57
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +36
POC: +20

Share

EUVD-2025-16905 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy