CVE-2025-5712

CWE-74 CWE-89 — SQL Injection3 documents3 sources

Severity

6.9MEDIUM

EPSS

0.1%

top 64.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Open Source Clinic Management System Nikhil-bhalerao Open Source Clinic Management System

Timeline

PublishedJun 6

Description

A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /appointment.php. The manipulation of the argument patient leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/open_source_clinic_management_system1.0

▶NVDnikhil-bhalerao/open_source_clinic_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-v8x2-mmvc-7287: A vulnerability has been found in SourceCodester Open Source Clinic Management System 1↗2025-06-06

▶

CVEList

SourceCodester Open Source Clinic Management System appointment.php sql injection↗2025-06-06

▶