CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5208 – SourceCodester Online Hospital Management System check_availability.php sql injection
https://notcve.org/view.php?id=CVE-2025-5208
26 May 2025 — A vulnerability, which was classified as critical, was found in SourceCodester Online Hospital Management System 1.0. This affects an unknown part of the file /admin/check_availability.php. The manipulation of the argument emailid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/snkercyber/CVE/issues/4 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5362 – SourceCodester Online Hospital Management System departmentDoctor.php sql injection
https://notcve.org/view.php?id=CVE-2024-5362
26 May 2024 — A vulnerability classified as critical has been found in SourceCodester Online Hospital Management System 1.0. Affected is an unknown function of the file departmentDoctor.php. The manipulation of the argument deptid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/CveSecLook/cve/issues/41 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •