CVE-2025-3347: code-projects Patient Record Management System dental_pending.php sql injection
First published: Mon Apr 07 2025(Updated: )
A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /dental_pending.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Patient Record Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-3347?
CVE-2025-3347 is classified as a critical vulnerability.
How does CVE-2025-3347 affect Patient Record Management System?
CVE-2025-3347 allows for SQL injection through the manipulation of the argument ID in the file /dental_pending.php.
Can CVE-2025-3347 be exploited remotely?
Yes, CVE-2025-3347 is exploitable remotely.
What steps should be taken to fix CVE-2025-3347?
To fix CVE-2025-3347, sanitize and validate all user inputs to prevent SQL injection.
Which software versions are affected by CVE-2025-3347?
CVE-2025-3347 affects version 1.0 of the Patient Record Management System by code-projects.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/first-publish-date
- agent/references
- agent/description
- agent/weakness
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/severity
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/code-projects
- canonical/patient record management system