CVE Details
Basic Information
| Title | code-projects Online Medicine Guide pharsignup.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-08-01T07:32:06.576Z |
| Modified | 2025-08-01T07:32:06.576Z |
Product Information
| Vendor | code-projects |
|---|---|
| Product | Online Medicine Guide |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A critical SQL injection vulnerability was discovered in the Online Medicine Guide 1.0, specifically in the pharsignup.php file. This allows remote attackers to inject malicious SQL code via the ‘phuname’ parameter, potentially leading to unauthorized database access and data manipulation. The vulnerability has been publicly disclosed, making it a significant concern for users of this software. |
|---|---|
| AI Severity | Medium |
| AI Vendor | code-projects |
| AI Product | Online Medicine Guide |
| AI Version | 1.0 |
Affected Products
- code-projects Online Medicine Guide 1.0
Additional Information
| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /pharsignup.php. The manipulation of the argument phuname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.