CVE Details
Basic Information
| Title | ponaravindb Hospital Management System func3.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-20T12:00:19.885Z |
| Last Seen |
Product Information
| Vendor | ponaravindb |
|---|---|
| Product | Hospital Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A SQL injection vulnerability in the Hospital Management System allows remote attackers to inject malicious SQL code via the username1 argument in func3.php. This could lead to unauthorized data access or modification. |
|---|---|
| AI Severity | Medium |
| Vendor | ponaravindb |
| Product | Hospital Management System |
| Affected Version | 1.0 |
Affected Products
- ponaravindb Hospital Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability was found in ponaravindb Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /func3.php. The manipulation of the argument username1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.