CVE-2025-4197: code-projects Patient Record Management System edit_xpatient.php sql injection
First published: Fri May 02 2025(Updated: )
A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file /edit_xpatient.php. The manipulation of the argument lastname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Patient Record Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4197?
CVE-2025-4197 is classified as a critical vulnerability.
How does CVE-2025-4197 affect the Patient Record Management System?
CVE-2025-4197 allows for SQL injection through manipulation of the 'lastname' argument in the /edit_xpatient.php file.
Can CVE-2025-4197 be exploited remotely?
Yes, CVE-2025-4197 can be exploited remotely.
What is the potential impact of exploiting CVE-2025-4197?
Exploiting CVE-2025-4197 could allow an attacker to gain unauthorized access to the database and manipulate sensitive patient records.
How can I mitigate CVE-2025-4197 in my system?
To mitigate CVE-2025-4197, ensure input validation and use prepared statements to prevent SQL injection.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/author
- agent/severity
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/code-projects
- canonical/patient record management system