CVE-2025-57254

Published
View on NVD ↗
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and password POST parameters. The application fails to properly sanitize input before embedding it into SQL queries, leading to unauthorized access or potential data breaches. This can result in privilege escalation, account takeover, or exposure of sensitive medical data.

ischyr/research-and-development
ischyr/research-and-development
GitHubGitHub
Karthikg1908/Hospital-Management-System
Karthikg1908/Hospital-Management-System
The purpose of the project entitled as “HOSPITAL MANAGEMENT SYSTEM” is to computerize the Front Office Management of Hospital to develop software which is user friendly simple, fast, and cost – effective. It deals with the collection of patient’s information, diagnosis details, etc.
GitHubGitHub
63