A vulnerability was found in code-projects Patient Record Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file fecalysis_form.php. The manipulation of the argument itr_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00032}

epss

{'score': 0.00037}


Fri, 16 May 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects patient Record Management System
CPEs cpe:2.3:a:code-projects:patient_record_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Code-projects
Code-projects patient Record Management System

Fri, 09 May 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 09 May 2025 04:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in code-projects Patient Record Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file fecalysis_form.php. The manipulation of the argument itr_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Title code-projects Patient Record Management System fecalysis_form.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-05-09T13:28:15.078Z

Reserved: 2025-05-08T19:02:58.355Z

Link: CVE-2025-4459

cve-icon Vulnrichment

Updated: 2025-05-09T13:27:49.647Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-09T04:16:17.510

Modified: 2025-05-16T15:36:12.370

Link: CVE-2025-4459

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.