How to fix EUVD-2025-18814?

Within 24 hours: Take the affected login portal offline or restrict access to trusted networks only; notify your legal and compliance teams of potential breach obligations; begin forensic logs review for exploitation attempts. Within 7 days: Deploy WAF rules to block SQL injection patterns on /user-login.php; implement IP whitelisting for administrative access; audit user access logs for unauthorized activity. Within 30 days: Evaluate alternative hospital management systems or plan immediate migration; contact vendor for patch timeline; conduct security assessment of other vendor applications in your infrastructure.

Is PHP affected by EUVD-2025-18814?

A publicly disclosed SQL injection vulnerability in the Campcodes Online Hospital Management System login function allows unauthenticated attackers to bypass authentication and access sensitive patient data and hospital records.

EUVD-2025-18814

| CVE-2025-6407 HIGH

2025-06-21 [email protected]

7.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 21:35 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 21:35 euvd

EUVD-2025-18814

PoC Detected

Jun 24, 2025 - 19:04 vuln.today

Public exploit code

CVE Published

Jun 21, 2025 - 15:15 nvd

HIGH 7.3

Description

A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /user-login.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

A SQL injection vulnerability (CVSS 7.3). Risk factors: public PoC available.

Technical Context

CWE-74 (Injection). CVSS 7.3 indicates high severity.

Affected Products

['Unspecified product']

Remediation

Monitor vendor channels for patch availability. Implement input validation and WAF rules as interim mitigation.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +36

POC: +20

EUVD-2025-18814 vulnerability details – vuln.today

Back

EUVD-2025-18814

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-18814

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code