PT-2025-40010 · Unknown · Karthikg1908 Hospital Management System

Ischyr · Published 2025-09-30 · Updated 2025-12-23 · CVE-2025-57254

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Karthikg1908 Hospital Management System (HMS) version 1.0

Description
An SQL injection issue exists in the user-login.php and index.php files. The application does not properly sanitize input before using it in SQL queries. This allows remote attackers to execute arbitrary SQL queries through the username and password POST parameters. Successful exploitation could lead to unauthorized access, privilege escalation, account takeover, or exposure of sensitive medical data.

Recommendations
Update to a newer version that contains a fix for this vulnerability.
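
The class of fix for a login handler that builds SQL from the username and password POST parameters, as an added example (not code from the HMS project or from this advisory): the username is bound as a query parameter and the password is verified against a stored hash in PHP. The PDO/SQLite setup, the `users` table layout, the sample account and the `open_demo_db()` and `check_login()` names are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical demo database: in-memory SQLite with one constructed account.
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $ins->execute(['nurse01', password_hash('Constructed-Pass-1', PASSWORD_DEFAULT)]);
    return $db;
}

// Hypothetical helper: returns the user id on success, null on any failure.
function check_login(PDO $db, $username, $password): ?int
{
    // A POST field sent as username[]=x arrives as an array; accept strings only.
    if (!is_string($username) || !is_string($password)) {
        return null;
    }
    // The SQL text is fixed; the username travels separately as bound data,
    // so quotes or comment markers in it cannot change the query structure.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password never enters the SQL statement; it is checked against the hash.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

$db = open_demo_db();
// Constructed inputs: one valid login, then values carrying SQL metacharacters
// and a non-string value, all of which must be rejected.
$cases = [
    ['nurse01', 'Constructed-Pass-1'],
    ['nurse01', "x' OR '1'='1"],
    ["nurse01' --", 'anything'],
    [['nurse01'], 'Constructed-Pass-1'],
];
foreach ($cases as [$u, $p]) {
    $id = check_login($db, $u, $p);
    printf("%-16s => %s\n", json_encode($u), $id === null ? 'rejected' : "user id $id");
}
```

Applying this pattern to the affected application would mean doing the same in both user-login.php and index.php, since the advisory names both files.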

Exploit

Fix

LPE

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-57254

Affected Products

Karthikg1908 Hospital Management System