20 matches found
CVE-2025-3243
CVE-2025-3243 affects Code-Projects Patient Record Management System 1.0. The issue resides in dental_form.php, where manipulation of itr_no/dental_no enables SQL injection. Attack can be remote, with public exploitation documented in connected sources (e.g., GitHub exploits). Affected software r...
CVE-2025-3955
CVE-2025-3955 affects codeprojects Patient Record Management System 1.0. The vulnerability resides in /edit_rpatient.php.php, where unsafely handling the id/lastname parameters enables SQL injection. Attacks can be initiated remotely, and multiple sources report that the exploit has been disclose...
CVE-2025-3348
The CVE-2025-3348 entry affects code-projects Patient Record Management System 1.0. A SQL injection is triggered via the ID parameter in the vulnerable file /edit_dpatient.php (documented by NVD, Red Hat, CNVD, CNNVD, and others). The vulnerability is exploitable remotely and exploitation has bee...
CVE-2025-4197
Code-projects Patient Record Management System 1.0 is affected by a SQL injection in /edit_xpatient.php via the lastname parameter. The vulnerability stems from unsanitized input, enabling remote exploitation and data theft; public exploit activity is indicated. Relevant connected sources corrobo...
CVE-2025-4021
CVE-2025-4021 affects code-projects Patient Record Management System 1.0. The vulnerability is an SQL injection in an unknown part of the file /edit_spatient.php driven by manipulation of the ID parameter, with remote exploitation possible. Exploit has been disclosed publicly. Connected sources c...
CVE-2025-3304
CVE-2025-3304 concerns code-projects Patient Record Management System 1.0. The vulnerability is in the dental_not.php file, where manipulation of the itr_no parameter enables SQL injection. Several connected sources confirm remote feasibility and public disclosure of the exploit. The issue affect...
CVE-2025-3685
The CVE-2025-3685 entry concerns code-projects Patient Record Management System 1.0. The vulnerability is a SQL injection in the file /edit_fpatient.php, exploitable by manipulating the ID parameter. The issue is described as remote-exploitable, with public disclosure of the exploit. Connected so...
CVE-2025-4458
CVE-2025-4458 affects code-projects Patient Record Management System 1.0. The vulnerability is a SQL injection in the /edit_upatient.php endpoint, triggered by manipulating the ID parameter due to lack of input validation. Exploitation can be performed remotely and may lead to sensitive data expo...
CVE-2025-3303
CVE-2025-3303 affects the code-projects Patient Record Management System 1.0. The SQL injection vulnerability is rooted in birthing_record.php via manipulation of the itr_no parameter, potentially enabling remote attacker access and data theft; multiple sources describe this as a critical issue w...
CVE-2025-5779
The CVE-2025-5779 entry concerns code-projects Patient Record Management System 1.0. A SQL injection vulnerability exists in the /birthing.php file, triggered by unsafely handling the itr_no/comp_id parameters. The exact impact stated across sources is manipulation of these inputs, enabling remot...
CVE-2025-4459
CVE-2025-4459 affects code-projects Patient Record Management System 1.0. The vulnerability is an SQL injection in fecalysis_form.php caused by unsafely using the itr_no argument, enabling remote exploitation. Public exploit information is noted. Impact in sources ranges from data disclosure to b...
CVE-2025-5627
CVE-2025-5627 concerns the code-projects Patient Record Management System v1.0. Multiple connected sources describe a SQL injection vulnerability in the file /sputum_form.php triggered by manipulating the parameter itr_no . The issue is exploitable remotely and affects an unknown functionality; e...
CVE-2025-5762
CVE-2025-5762 affects code-projects Patient Record Management System 1.0; the vulnerability is an SQL injection in view_hematology.php caused by unsafely handling the itr_no parameter. It can be triggered remotely and has been disclosed publicly. Several connected records (CNVD/CNNVD/Red Hat/NTTP...
CVE-2024-9034
CVE-2024-9034 affects Code-Projects Patient Record Management System v1.0. Affected functionality: login.php; root cause is an SQL injection via the username parameter. Impact: potential unauthorized data access/modification with network-remote capability; multiple sources note public disclosure ...
CVE-2025-3347
The CVE-2025-3347 entry concerns Code-Projects Patient Record Management System 1.0. A SQL injection vulnerability exists in /dental_pending.php via the ID parameter, caused by inadequate validation. The issue allows remote exploitation and, per CNVD/CNNVD, could lead to unauthorized access to se...
CVE-2025-5780
CVE-2025-5780 affects code-projects Patient Record Management System 1.0, specifically the /view_dental.php file. The vulnerability is a SQL injection caused by unsafely handling the itr_no parameter, enabling remote exploitation. Public disclosure is noted in the sources. Impact is execution of ...
CVE-2025-3210
The CVE-2025-3210 entry concerns a SQL injection in code-projects’ Patient Record Management System 1.0, arising from unsafely handling the birth_id parameter in birthing_pending.php. Multiple connected sources confirm the vulnerability affects an unknown function/file within that PHP endpoint, a...
CVE-2025-3208
CVE-2025-3208 affects code-projects Patient Record Management System (PRMS) 1.0. The vulnerability is in the xray_print.php file, where the itr_no parameter can be manipulated to perform SQL injection. Exploitation appears feasible remotely, and public disclosures exist. Connected sources consist...
CVE-2025-3207
CVE-2025-3207 concerns code-projects’ Patient Record Management System 1.0, where the file birthing_form.php processes the parameter birth_id unsafely, enabling a SQL injection. Multiple connected sources (CNVD-2025-30015, Red Hat, PT-2025-14836, CNNVD) describe a remote, externally invokable vul...
CVE-2026-2706
CVE-2026-2706 affects code-projects Patient Record Management System 1.0. The vulnerability is in the file fecalysis_not.php (and variants listed as fecalysis not.php) where improper handling of the comp_id parameter leads to SQL injection. The issue is exploitable remotely and, per sources, the ...