CVE-2025-3243

MEDIUM

code-projects Patient Record Management System 1.0 - SQL Injection

Title source: llm

Description

A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no/dental_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (3)

nomisec WORKING POC 7 stars

by TeneBrae93 · poc

https://github.com/TeneBrae93/CVE-2025-3243

View Code ZIP pw:eip

github WORKING POC

by manus-use · postscriptpoc

https://github.com/manus-use/cve-pocs/tree/main/Erlang-OTP-SSH-CVE-2025-3243

View Code ZIP pw:eip

nomisec SCANNER

by ladosudeste · poc

https://github.com/ladosudeste/CVE-2025-3243

View Code ZIP pw:eip

References (5)

[Product] https://code-projects.org/

[Exploit, Third Party Advisory] https://github.com/BinBall/cve/blob/master/README.md

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.303269

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.303269

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.547882

Scores

CVSS v3 6.3

EPSS 0.0006

EPSS Percentile 17.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-74 CWE-89

Status published

Affected Products (1)

code-projects/patient_record_management_system

Timeline

Published Apr 04, 2025

Tracked Since Feb 18, 2026