Description
An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and password POST parameters. The application fails to properly sanitize input before embedding it into SQL queries, leading to unauthorized access or potential data breaches. This can result in privilege escalation, account takeover, or exposure of sensitive medical data.
INFO
Published Date :
2025-09-30T00:00:00.000Z
Last Modified :
2025-10-01T20:04:52.863Z
Source :
mitre
AFFECTED PRODUCTS
The following products are affected by CVE-2025-57254 vulnerability.
| Vendors | Products |
|---|---|
| Hospital Management System |
|
| Hospital Management System Project |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2025-57254.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact