PT-2025-27228 · Unknown · Sfturing Hosp Order

Bi8Bu

Published

2025-06-27

Updated

2025-06-27

CVE-2025-6768

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: sfturing hosp order up to 627f426331da8086ce8fff2017d65b1ddef384f8

Description: A critical vulnerability has been found in the affected software. The issue is related to the findAllHosByCondition function in the HospitalServiceImpl.java file, where the manipulation of the hospitalName argument leads to SQL injection. This can be exploited remotely.

Recommendations: As a temporary workaround, consider restricting the input for the hospitalName argument in the findAllHosByCondition function to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2025-6768

Affected Products

Sfturing Hosp Order

PT-2025-27228 · Unknown · Sfturing Hosp Order

CVE-2025-6768

Weakness Enumeration

Related Identifiers

Affected Products

References · 7