CNNVD-202509-2666 Information

Sep 17, 2025 cve

CNNVD ID

CNNVD-202509-2666

CVE-2025-10618

CNNVD Published: 2025-09-17

Description (Chinese)

itsourcecode Online Clinic Management System是itsourcecode开源的一个在线诊所管理系统。 itsourcecode Online Clinic Management System 1.0版本存在SQL注入漏洞，该漏洞源于对文件transact.php中参数firstname的错误操作，可能导致SQL注入攻击。

Description (English)

Its sourcecode Online Clinic Management System is an online clinical management system for the open source of itsourcecode. Its sourcecode Online Clinic Management System Version 1.0 contains an injection loophole in SQL, which is the result of a mishandling of the parameter firstname in document Transact.php, which could lead to an attack on SQL injection.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

itsourcecode

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/drew-byte/Online-Clinic-Management-System_TimeBasedSQLi_PoC/blob/main/README.md https://itsourcecode.com/ https://vuldb.com/?ctiid.324645 https://vuldb.com/?id.324645 https://vuldb.com/?submit.650177

Share on: