CVE-2025-4739

Name of the Vulnerable Software and Affected Versions: projectworlds Hospital Database Management System version 1.0

Description: A critical issue was found in the projectworlds Hospital Database Management System. This issue affects an unknown part of the file /medicines info.php. The manipulation of the Med ID argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations: For projectworlds Hospital Database Management System version 1.0, consider disabling the /medicines info.php file or restricting access to it until a patch is available. Avoid using the Med ID argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.