PT-2025-38277 · Itsourcecode · Itsourcecode Online Clinic Management System
Drewbyte · Published 2025-09-17 · Updated 2025-09-18 · CVE-2025-10618
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
itsourcecode Online Clinic Management System version 1.0
Description
A security issue exists in itsourcecode Online Clinic Management System 1.0 related to the transact.php file. Manipulation of the firstname parameter can lead to SQL injection, potentially allowing for remote attacks. The exploit for this issue has been publicly disclosed. Other parameters may also be affected.
Recommendations
As a temporary workaround, consider restricting access to the transact.php file until a fix is available.
Avoid using the firstname parameter in the affected file until the issue is resolved.
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Itsourcecode Online Clinic Management System