CNNVD-202601-950 Information

Jan 05, 2026 cve

CNNVD ID

CNNVD-202601-950

CVE-2025-15450

CNNVD Published: 2026-01-05

Description (Chinese)

hosporder是中国Xiaohao.Shi个人开发者的一个医院预约挂号系统。 hosporder 627f426331da8086ce8fff2017d65b1ddef384f8及之前版本存在SQL注入漏洞，该漏洞源于对文件/ssm_pro/orderHos/中函数findOrderHosNum的参数hospitalAddress/hospitalName的错误操作，可能导致SQL注入。

Description (English)

Hosporder is a hospital booking system for Xiaohao.Shi personal developers in China. There is an injection loophole in SQL from the hosporder 627f4231da8086ce8ffff2017d65b1def384f8 and earlier versions, which is the result of an error in the HOspicalAddress/hospitalName parameter for the document/ssm pro/orderHos/medianFindOrderHosNum, which could lead to SQL injection.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

个人开发者

Published

2026-01-05

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.339483 https://vuldb.com/?id.339483 https://vuldb.com/?submit.722925 https://github.com/sfturing/hosp_order/issues/111#issue-3760306826 https://access.redhat.com/security/cve/cve-2025-15450

Share on: