How to fix EUVD-2025-17052?

Within 24 hours: Isolate affected systems from production networks or restrict network access to the login interface. Within 7 days: Deploy WAF rules to block SQL injection patterns on the /login.php email parameter, implement input validation, and conduct full database audit for unauthorized access. Within 30 days: Migrate to an alternative clinic management system or upgrade to a patched version when available; document all remediation actions for compliance records.

Is PHP affected by EUVD-2025-17052?

A publicly disclosed SQL injection vulnerability in the Open Source Clinic Management System allows unauthenticated remote attackers to compromise patient data and system integrity through the login interface.

EUVD-2025-17052

| CVE-2025-5716 HIGH

2025-06-06 [email protected]

7.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 18:10 euvd

EUVD-2025-17052

Analysis Generated

Mar 14, 2026 - 18:10 vuln.today

PoC Detected

Jun 10, 2025 - 15:46 vuln.today

Public exploit code

CVE Published

Jun 06, 2025 - 04:15 nvd

HIGH 7.3

Description

A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

A remote code execution vulnerability in A vulnerability classified as critical (CVSS 7.3). Risk factors: public PoC available.

Technical Context

CWE-74 (Injection). CVSS 7.3 indicates high severity. Affects A vulnerability classified as critical.

Affected Products

['A vulnerability classified as critical']

Remediation

Monitor vendor channels for patch availability. Implement input validation and WAF rules as interim mitigation.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: +20

EUVD-2025-17052 vulnerability details – vuln.today

Back

EUVD-2025-17052

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-17052

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code