MEDIUM Severity

CVE-2025-5298

SQL Injection vulnerability in Campcodes Online Hospital Management System 1.0.

Overview

A critical vulnerability has been discovered in Campcodes Online Hospital Management System 1.0. It affects an unknown function of the file /admin/betweendates-detailsreports.php and leads to SQL injection, which can be exploited remotely.

Technical Details

The vulnerability stems from manipulation of the "fromdate" or "todate" arguments in an unspecified function, which leads to SQL injection. The issue can be exploited remotely, requires no user interaction, and has low attack complexity.

CVSS Metrics

  • baseScore: 6.9
  • attackVector: NETWORK
  • attackComplexity: LOW
  • privilegesRequired: NONE
  • userInteraction: NONE
  • scope: UNCHANGED
  • confidentialityImpact: LOW
  • integrityImpact: LOW
  • availabilityImpact: LOW

Impact

An attacker can exploit this vulnerability and possibly compromise the Campcodes Online Hospital Management System, leading to unauthorized access to sensitive data or disruption of service.

Recommendations

Update the Campcodes Online Hospital Management System to the latest version. Ensure proper input validation is in place and special characters are appropriately handled.
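One way to apply the input-validation recommendation to the "fromdate" and "todate" arguments is sketched below as an added example; it is not code from Campcodes or from the affected file. The function names, the table report_rows_demo and its columns are hypothetical, and PHP 8 with mysqli (mysqlnd) is assumed.

```php
<?php
declare(strict_types=1);

// Added example, not Campcodes code. Function, table and column names are hypothetical.

/** Return the value if it is a real calendar date in YYYY-MM-DD form, else null. */
function parse_report_date(mixed $raw): ?string
{
    // Rejects arrays, quotes, comment markers and any trailing text.
    if (!is_string($raw) || !preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw)) {
        return null;
    }
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // The round-trip comparison rejects overflow dates such as 2025-02-30.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

/**
 * Fetch rows between two dates using bound parameters, so the values are
 * sent separately from the SQL text and never concatenated into it.
 */
function fetch_between_dates(mysqli $db, mixed $from, mixed $to): array
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly on DB errors
    $from = parse_report_date($from);
    $to   = parse_report_date($to);
    // ISO dates compare correctly as strings.
    if ($from === null || $to === null || $from > $to) {
        throw new InvalidArgumentException('fromdate/todate must be valid YYYY-MM-DD dates');
    }
    $stmt = $db->prepare(
        'SELECT id, created_at FROM report_rows_demo
          WHERE created_at >= ? AND created_at < DATE_ADD(?, INTERVAL 1 DAY)'
    );
    $stmt->bind_param('ss', $from, $to);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Constructed inputs showing what the validator accepts (first) and rejects (rest).
foreach (['2025-05-01', '2025-02-30', "2025-05-01' --", ['x']] as $sample) {
    printf("%-20s => %s\n", json_encode($sample), var_export(parse_report_date($sample), true));
}
```

Validation and parameter binding are used together here: the bound parameters keep the query safe even if the validator is later loosened, and the validator keeps malformed dates from reaching the database at all.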

Threat Metrics

  • cvss_score: 6.9
  • severity: MEDIUM
  • attack_vector: NETWORK
  • attack_complexity: LOW