
CVE-2025-7147 – CodeAstro Patient Record Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2025-7147
07 Jul 2025 — A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-6664 – CodeAstro Patient Record Management System cross-site request forgery
https://notcve.org/view.php?id=CVE-2025-6664
25 Jun 2025 — A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.313878 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •

CVE-2025-6452 – CodeAstro Patient Record Management System Generate New Report Page cross site scripting
https://notcve.org/view.php?id=CVE-2025-6452
22 Jun 2025 — A vulnerability was found in CodeAstro Patient Record Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Generate New Report Page. The manipulation of the argument Patient Name/Name leads to cross site scripting. The attack may be initiated remotely. • https://codeastro.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •