PT-2025-29971 · Unknown · Patient Record Management System

Damon Gilbert

Published

2025-07-17

Updated

2025-07-18

CVE-2025-7754

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Patient Record Management System version 1.0

Description A critical issue exists in the Patient Record Management System. The vulnerability is due to SQL injection within the /xray form.php file. Manipulation of the itr no argument can lead to exploitation. The exploit has been publicly disclosed and may be used to initiate attacks remotely.

Recommendations Patient Record Management System version 1.0: Sanitize or validate the itr no argument to prevent SQL injection.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-7754

Affected Products

Patient Record Management System

PT-2025-29971 · Unknown · Patient Record Management System

CVE-2025-7754

Weakness Enumeration

Related Identifiers

Affected Products

References · 10