CVE-2025-4739 – projectworlds Hospital Database Management System medicines_info.php sql injection

https://notcve.org/view.php?id=CVE-2025-4739

16 May 2025 — A vulnerability was found in projectworlds Hospital Database Management System 1.0. It has been classified as critical. This affects an unknown part of the file /medicines_info.php. The manipulation of the argument Med_ID leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/3169417664/cve/issues/1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •