5 matches found
CVE-2025-63497
The CVE-2025-63497 entry concerns rickxy Hospital Management System v1.0, where the patient prescription viewing function his_doc_view_single_patient.php concatenates the GET parameter pat_number directly into SQL queries. This root cause enables SQL injection, allowing an authenticated doctor to...
CVE-2025-63497
The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. The pat_number GET parameter is directly concatenated into SQL queries without proper sanitization, allowing authenticated attacke...
PT-2025-35815
Name of the Vulnerable Software and Affected Versions: phpgurukul Doctor Appointment Management System version 1.0 Description: An authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is rendered without proper sanitization when a user visits the...
CVE-2025-1572
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to SQL Injection via the ‘u_id’ parameter in all versions up to, and including, 3.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
PT-2025-9066 · WordPress · Kivicare – Clinic & Patient Management System (Ehr) Plugin
Name of the Vulnerable Software and Affected Versions: KiviCare – Clinic & Patient Management System EHR plugin for WordPress versions up to, and including, 3.6.7 Description: The issue is related to SQL Injection via the u_id parameter due to insufficient escaping on the user-supplied parameter...