CVE-2025-6768

Name of the Vulnerable Software and Affected Versions: sfturing hosp order up to 627f426331da8086ce8fff2017d65b1ddef384f8

Description: A critical vulnerability has been found in the affected software. The issue is related to the findAllHosByCondition function in the HospitalServiceImpl.java file, where the manipulation of the hospitalName argument leads to SQL injection. This can be exploited remotely.

Recommendations: As a temporary workaround, consider restricting the input for the hospitalName argument in the findAllHosByCondition function to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.